From cf3c3a9dcc53a5478de87055662147cc188a0d89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Jacquin?=
 <1536771+remyj38@users.noreply.github.com>
Date: Mon, 28 Jul 2025 17:18:46 +0200
Subject: [PATCH] Add support for take-ownership Helm flag (#957)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SUMMARY
Add support for take-ownership Helm flag added in Helm 3.17.0
ISSUE TYPE

Feature Pull Request

COMPONENT NAME

kubernetes.core.helm

Reviewed-by: Yuriy Novostavskiy
Reviewed-by: Rémy Jacquin
Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
---
 ...50911-add-support-helm-take-ownership.yaml |  2 +
 docs/kubernetes.core.helm_module.rst          | 23 +++++-
 plugins/modules/helm.py                       | 21 +++++
 .../targets/helm/defaults/main.yml            |  1 +
 tests/integration/targets/helm/tasks/main.yml |  1 +
 .../targets/helm/tasks/run_test.yml           |  3 +
 .../helm/tasks/test_helm_take_ownership.yml   | 81 +++++++++++++++++++
 7 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/20250911-add-support-helm-take-ownership.yaml
 create mode 100644 tests/integration/targets/helm/tasks/test_helm_take_ownership.yml

diff --git a/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml b/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml
new file mode 100644
index 00000000..bd4d16ca
--- /dev/null
+++ b/changelogs/fragments/20250911-add-support-helm-take-ownership.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+  - helm - Parameter take_ownership added (https://github.com/ansible-collections/kubernetes.core/pull/957).
diff --git a/docs/kubernetes.core.helm_module.rst b/docs/kubernetes.core.helm_module.rst
index b81eb983..22c366f1 100644
--- a/docs/kubernetes.core.helm_module.rst
+++ b/docs/kubernetes.core.helm_module.rst
@@ -601,6 +601,27 @@ Parameters
                         <div>Skip custom resource definitions when installing or upgrading.</div>
                 </td>
             </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>take_ownership</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 6.1.0</div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>When upgrading, Helm will ignore the check for helm annotations and take ownership of the existing resources</div>
+                        <div>This feature requires helm &gt;= 3.17.0</div>
+                </td>
+            </tr>
             <tr>
                 <td colspan="2">
                     <div class="ansibleOptionAnchor" id="parameter-"></div>
@@ -734,7 +755,7 @@ Parameters
               </td>
               <td>
                       <div>Use HTTP instead of HTTPS when working with OCI registries</div>
-              </td>
+                </td>
             </tr>
     </table>
     <br/>
diff --git a/plugins/modules/helm.py b/plugins/modules/helm.py
index 8d8ecc25..84d38759 100644
--- a/plugins/modules/helm.py
+++ b/plugins/modules/helm.py
@@ -244,6 +244,13 @@ options:
     type: bool
     default: False
     version_added: 6.1.0
+  take_ownership:
+    description:
+      - When upgrading, Helm will ignore the check for helm annotations and take ownership of the existing resources
+      - This feature requires helm >= 3.17.0
+    type: bool
+    default: False
+    version_added: 6.1.0
 extends_documentation_fragment:
   - kubernetes.core.helm_common_options
 """
@@ -560,6 +567,7 @@ def deploy(
     reset_then_reuse_values=False,
     insecure_skip_tls_verify=False,
     plain_http=False,
+    take_ownership=False,
 ):
     """
     Install/upgrade/rollback release chart
@@ -573,6 +581,8 @@ def deploy(
         deploy_command = command + " upgrade -i"  # install/upgrade
         if reset_values:
             deploy_command += " --reset-values"
+        if take_ownership:
+            deploy_command += " --take-ownership"
 
     if reuse_values is not None:
         deploy_command += " --reuse-values=" + str(reuse_values)
@@ -851,6 +861,7 @@ def argument_spec():
                 type="bool", default=False, aliases=["skip_tls_certs_check"]
             ),
             plain_http=dict(type="bool", default=False),
+            take_ownership=dict(type="bool", default=False),
         )
     )
     return arg_spec
@@ -906,6 +917,7 @@ def main():
     reset_then_reuse_values = module.params.get("reset_then_reuse_values")
     insecure_skip_tls_verify = module.params.get("insecure_skip_tls_verify")
     plain_http = module.params.get("plain_http")
+    take_ownership = module.params.get("take_ownership")
 
     if update_repo_cache:
         run_repo_update(module)
@@ -924,6 +936,14 @@ def main():
                     helm_version
                 )
             )
+    if take_ownership:
+        helm_version = module.get_helm_version()
+        if LooseVersion(helm_version) < LooseVersion("3.17.0"):
+            module.fail_json(
+                msg="take_ownership requires helm >= 3.17.0, current version is {0}".format(
+                    helm_version
+                )
+            )
 
     opt_result = {}
     if release_state == "absent" and release_status is not None:
@@ -1083,6 +1103,7 @@ def main():
                     reset_then_reuse_values=reset_then_reuse_values,
                     insecure_skip_tls_verify=insecure_skip_tls_verify,
                     plain_http=plain_http,
+                    take_ownership=take_ownership,
                 )
                 changed = True
 
diff --git a/tests/integration/targets/helm/defaults/main.yml b/tests/integration/targets/helm/defaults/main.yml
index a6263619..9ef99a16 100644
--- a/tests/integration/targets/helm/defaults/main.yml
+++ b/tests/integration/targets/helm/defaults/main.yml
@@ -29,3 +29,4 @@ test_namespace:
   - "helm-chart-with-space-into-name"
   - "helm-reset-then-reuse-values"
   - "helm-insecure"
+  - "helm-test-take-ownership"
diff --git a/tests/integration/targets/helm/tasks/main.yml b/tests/integration/targets/helm/tasks/main.yml
index a5f69a9d..4a2c028b 100644
--- a/tests/integration/targets/helm/tasks/main.yml
+++ b/tests/integration/targets/helm/tasks/main.yml
@@ -6,3 +6,4 @@
   with_items:
     - "v3.15.4"
     - "v3.16.0"
+    - "v3.17.0"
diff --git a/tests/integration/targets/helm/tasks/run_test.yml b/tests/integration/targets/helm/tasks/run_test.yml
index 01c7f553..0ae279a3 100644
--- a/tests/integration/targets/helm/tasks/run_test.yml
+++ b/tests/integration/targets/helm/tasks/run_test.yml
@@ -47,6 +47,9 @@
 - name: Test insecure registry flag feature
   include_tasks: test_helm_insecure.yml
 
+- name: Test take ownership flag feature
+  include_tasks: test_helm_take_ownership.yml
+
 - name: Clean helm install
   file:
     path: "{{ item }}"
diff --git a/tests/integration/targets/helm/tasks/test_helm_take_ownership.yml b/tests/integration/targets/helm/tasks/test_helm_take_ownership.yml
new file mode 100644
index 00000000..3e631c5b
--- /dev/null
+++ b/tests/integration/targets/helm/tasks/test_helm_take_ownership.yml
@@ -0,0 +1,81 @@
+---
+- name: Test helm take ownership
+  vars:
+    helm_namespace: "{{ test_namespace[13] }}"
+  block:
+
+    - name: Initial chart installation (no flag set)
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ chart_test_oci }}"
+        release_name: test-take-ownership
+        release_namespace: "{{ helm_namespace }}"
+        create_namespace: true
+      register: install
+
+    - name: Validate that take-ownership flag is not set
+      assert:
+        that:
+          - install is changed
+          - '"--take-ownership" not in install.command'
+
+    - name: Upgrade chart (take-onwership flag set)
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ chart_test_oci }}"
+        release_name: test-take-ownership
+        release_namespace: "{{ helm_namespace }}"
+        take_ownership: true
+        values:
+          commonLabels:
+            take-onwership: "set"
+      register: upgrade
+      ignore_errors: true
+
+    - name: Validate that take-ownership flag IS set if helm version is >= 3.17.0
+      assert:
+        that:
+          - upgrade is changed
+          - '"--take-ownership" in upgrade.command'
+      when: '"v3.17.0" <= helm_version'
+
+    - name: Validate that feature fails for helm < 3.17.0
+      assert:
+        that:
+          - upgrade is failed
+          - '"take_ownership requires helm >= 3.17.0" in upgrade.msg'
+      when: 'helm_version < "v3.17.0"'
+
+    - name: Upgrade chart (take-onwership flag not set)
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ chart_test_oci }}"
+        release_name: test-take-ownership
+        release_namespace: "{{ helm_namespace }}"
+        values:
+          commonLabels:
+            take-onwership: "not-set"
+      register: upgrade
+      ignore_errors: true
+
+    - name: Validate that take-ownership flag IS set if helm version is >= 3.17.0
+      assert:
+        that:
+          - upgrade is changed
+          - '"--take-ownership" not in upgrade.command'
+      when: '"v3.17.0" <= helm_version'
+
+    - name: Validate that feature fails for helm < 3.17.0
+      assert:
+        that:
+          - upgrade is changed
+          - upgrade.msg is not defined
+      when: 'helm_version < "v3.17.0"'
+
+  always:
+    - name: Remove helm namespace
+      k8s:
+        api_version: v1
+        kind: Namespace
+        name: "{{ helm_namespace }}"
+        state: absent