prepare release 5.1.0 (#865)

SUMMARY
This release came with new module helm_registry_auth, and improvements to the error messages in the k8s_drain module, new parameter insecure_registry for helm_template module and several bug fixes.
ISSUE TYPE

New release pull request

Changelog
Minor Changes

Bump version of ansible-lint to minimum 24.7.0 (#765).
Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify (#805).
connection/kubectl.py - Added an example of using the kubectl connection plugin to the documentation (#741).
k8s_drain - Improve error message for pod disruption budget when draining a node (#797).

Bugfixes

helm - Helm version checks did not support RC versions. They now accept any version tags. (#745).
helm_pull - Apply no_log=True to pass_credentials to silence false positive warning.. (#796).
k8s_drain - Fix k8s_drain does not wait for single pod (#769).
k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is part of a stateful set  (#792).
kubeconfig option should not appear in module invocation log (#782).
kustomize - kustomize plugin fails with deprecation warnings (#639).
waiter - Fix waiting for daemonset when desired number of pods is 0. (#756).

New Modules

helm_registry_auth - Helm registry authentication module

ADDITIONAL INFORMATION
Collection kubernets.core version 3.1.0 is compatible with ansible-core>=2.15.0

Reviewed-by: Mike Graves <mgraves@redhat.com>

.config/ansible-lint-ignore.txt

@@ -0,0 +1,2 @@
+# no-changed-when is not requried for examples
+plugins/connection/kubectl.py no-changed-when

.config/ansible-lint.yml

@@ -2,5 +2,7 @@
 profile: production
 
 exclude_paths:
+  - .ansible/
   - tests/integration
+  - tests/unit
   - tests/sanity

.github/stale.yml

@@ -1,60 +0,0 @@
----
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale
-# label is closed. Set to false to disable. If disabled, issues still need to be
-# closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale.
-# Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set
-# to `[]` to disable
-exemptLabels:
-  - security
-  - planned
-  - priority/critical
-  - lifecycle/frozen
-  - verified
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: true
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: lifecycle/stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
-  markComment: |-
-    PRs go stale after 90 days of inactivity.
-    If there is no further activity, the PR will be closed in another 30 days.
-
-  unmarkComment: >-
-    This pull request is no longer stale.
-
-  closeComment: >-
-    This pull request has been closed due to inactivity.
-
-issues:
-  markComment: |-
-    Issues go stale after 90 days of inactivity.
-    If there is no further activity, the issue will be closed in another 30 days.
-
-  unmarkComment: >-
-    This issue is no longer stale.
-
-  closeComment: >-
-    This issue has been closed due to inactivity.

.github/workflows/linters.yaml

@@ -19,6 +19,5 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
-      - name: Run ansible-lint
-        uses: ansible/ansible-lint@v24.2.3
+      - name: run-ansible-lint
+        uses: ansible/ansible-lint@v24.12.2

CHANGELOG.rst

@@ -4,6 +4,51 @@ Kubernetes Collection Release Notes
 
 .. contents:: Topics
 
+v5.1.0
+======
+
+Minor Changes
+-------------
+
+- Bump version of ansible-lint to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
+- Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify (https://github.com/ansible-collections/kubernetes.core/pull/805).
+- connection/kubectl.py - Added an example of using the kubectl connection plugin to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
+- k8s_drain - Improve error message for pod disruption budget when draining a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
+
+Bugfixes
+--------
+
+- helm - Helm version checks did not support RC versions. They now accept any version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
+- helm_pull - Apply no_log=True to pass_credentials to silence false positive warning.. (https://github.com/ansible-collections/kubernetes.core/pull/796).
+- k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
+- k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is part of a stateful set  (https://github.com/ansible-collections/kubernetes.core/issues/792).
+- kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
+- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
+- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
+
+New Modules
+-----------
+
+- helm_registry_auth - Helm registry authentication module
+
+v5.0.0
+======
+
+Release Summary
+---------------
+
+This major release drops support for ``ansible-core<2.15``.
+
+Minor Changes
+-------------
+
+- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/734).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- Remove support for ``ansible-core<2.15`` (https://github.com/ansible-collections/kubernetes.core/pull/737).
+
 v4.0.0
 ======
 
@@ -37,6 +82,36 @@ Bugfixes
 - helm - use ``reuse-values`` when running ``helm diff`` command (https://github.com/ansible-collections/kubernetes.core/issues/680).
 - integrations test helm_kubeconfig - set helm version to v3.10.3 to avoid incompatability with new bitnami charts (https://github.com/ansible-collections/kubernetes.core/pull/670).
 
+v3.3.0
+======
+Minor Changes
+-------------
+- inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).
+- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/734).
+- k8s_drain - Improve error message for pod disruption budget when draining a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
+Bugfixes
+--------
+- helm - Helm version checks did not support RC versions. They now accept any version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
+- helm_pull - Apply no_log=True to pass_credentials to silence false positive warning.. (https://github.com/ansible-collections/kubernetes.core/pull/796).
+- k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
+- k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is part of a stateful set  (https://github.com/ansible-collections/kubernetes.core/issues/792).
+- kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
+- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
+- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
+
+v3.2.0
+======
+
+Release Summary
+---------------
+This release comes with documentation updates.
+
+Minor Changes
+-------------
+
+- inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/734).
+- connection/kubectl.py - Added an example of using the kubectl connection plugin to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
+
 v3.1.0
 ======
 

CONTRIBUTING.md

@@ -48,7 +48,7 @@ Where modules have multiple parameters we recommend running through the 4-step m
 
 For general information on running the integration tests see the
 [Integration Tests page of the Module Development Guide](https://docs.ansible.com/ansible/devel/dev_guide/testing_integration.html#testing-integration),
-especially the section on configuration for cloud tests. For questions about writing tests the Ansible Kubernetes community can be found on Libera.Chat IRC as detailed below.
+especially the section on configuration for cloud tests.
 
 ### Updating documentation
 
@@ -70,11 +70,3 @@ Review the changes and create a pull request using updated files.
 The `kubernetes.core` collection follows the Ansible project's
 [Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html).
 Please read and familiarize yourself with this document.
-
-### IRC
-Our IRC channels may require you to register your nickname. If you receive an error when you connect, see
-[Libera.Chat's Nickname Registration guide](https://libera.chat/guides/registration) for instructions.
-
-The `#ansible-kubernetes` channel on [libera.chat](https://libera.chat/) IRC is the main and official place to discuss use and development of the `kubernetes.core` collection.
-
-For more information about Ansible's Kubernetes integration, browse the resources in the [Kubernetes Working Group](https://github.com/ansible/community/wiki/Kubernetes) Community wiki page.

Makefile

@@ -1,5 +1,5 @@
 # Also needs to be updated in galaxy.yml
-VERSION = 4.0.0
+VERSION = 5.1.0
 
 TEST_ARGS ?= ""
 PYTHON_VERSION ?= `python -c 'import platform; print(".".join(platform.python_version_tuple()[0:2]))'`

README.md

@@ -1,15 +1,29 @@
 # Kubernetes Collection for Ansible
 
-[![CI](https://github.com/ansible-collections/kubernetes.core/workflows/CI/badge.svg?event=push)](https://github.com/ansible-collections/kubernetes.core/actions) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/kubernetes.core)](https://codecov.io/gh/ansible-collections/kubernetes.core)
-
 This repository hosts the `kubernetes.core` (formerly known as `community.kubernetes`) Ansible Collection.
 
+## Description
+
 The collection includes a variety of Ansible content to help automate the management of applications in Kubernetes and OpenShift clusters, as well as the provisioning and maintenance of clusters themselves.
 
+## Communication
+
+* Join the Ansible forum:
+  * [Get Help](https://forum.ansible.com/c/help/6): get help or help others.
+  * [Posts tagged with 'kubernetes'](https://forum.ansible.com/tag/kubernetes): subscribe to participate in collection-related conversations.
+  * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+  * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+
+For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
+## Requirements
+
 <!--start requires_ansible-->
 ## Ansible version compatibility
 
-This collection has been tested against following Ansible versions: **>=2.14.0**.
+This collection has been tested against following Ansible versions: **>=2.15.0**.
 
 For collections that support Ansible 2.9, please ensure you update your `network_os` to use the
 fully qualified collection name (for example, `cisco.ios.ios`).
@@ -18,17 +32,17 @@ A collection may contain metadata that identifies these versions.
 PEP440 is the schema used to describe the versions of Ansible.
 <!--end requires_ansible-->
 
-## Python Support
+### Python Support
 
 * Collection supports 3.9+
 
 Note: Python2 is deprecated from [1st January 2020](https://www.python.org/doc/sunset-python-2/). Please switch to Python3.
 
-## Kubernetes Version Support
+### Kubernetes Version Support
 
 This collection supports Kubernetes versions >= 1.24.
 
-## Included content
+### Included content
 
 Click on the name of a plugin or module to view that content's documentation:
 
@@ -62,6 +76,7 @@ Name | Description
 [kubernetes.core.helm_plugin](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_plugin_module.rst)|Manage Helm plugins
 [kubernetes.core.helm_plugin_info](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_plugin_info_module.rst)|Gather information about Helm plugins
 [kubernetes.core.helm_pull](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_pull_module.rst)|download a chart from a repository and (optionally) unpack it in local directory.
+[kubernetes.core.helm_registry_auth](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_registry_auth_module.rst)|Helm registry authentication module
 [kubernetes.core.helm_repository](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_repository_module.rst)|Manage Helm repositories.
 [kubernetes.core.helm_template](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.helm_template_module.rst)|Render chart templates
 [kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_module.rst)|Manage Kubernetes (K8s) objects
@@ -79,9 +94,7 @@ Name | Description
 
 <!--end collection content-->
 
-## Installation and Usage
-
-### Installing the Collection from Ansible Galaxy
+## Installation
 
 Before using the Kubernetes collection, you need to install it with the Ansible Galaxy CLI:
 
@@ -93,7 +106,7 @@ You can also include it in a `requirements.yml` file and install it via `ansible
 ---
 collections:
   - name: kubernetes.core
-    version: 4.0.0
+    version: 5.1.0
 ```
 
 ### Installing the Kubernetes Python Library
@@ -102,7 +115,7 @@ Content in this collection requires the [Kubernetes Python client](https://pypi.
 
     pip3 install kubernetes
 
-### Using modules from the Kubernetes Collection in your playbooks
+## Use Cases
 
 It's preferable to use content in this collection using their Fully Qualified Collection Namespace (FQCN), for example `kubernetes.core.k8s_info`:
 
@@ -189,12 +202,16 @@ defined in the playbook using `environment` keyword as above, you must set it us
 
 Please read more about Ansible Turbo mode - [here](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/ansible_turbo_mode.rst).
 
-## Testing and Development
+## Contributing to this collection
 
 If you want to develop new content for this collection or improve what's already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATHS`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.
 
 See [Contributing to kubernetes.core](CONTRIBUTING.md).
 
+## Testing
+
+[![Linters](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/linters.yaml?label=linters)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/linters.yaml) [![Integration tests](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/integration-tests.yaml?label=integration%20tests)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/integration-tests.yaml) [![Sanity tests](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/sanity-tests.yaml?label=sanity%20tests)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/sanity-tests.yaml) [![Unit tests](https://img.shields.io/github/actions/workflow/status/ansible-collections/kubernetes.core/unit-tests.yaml?label=unit%20tests)](https://github.com/ansible-collections/kubernetes.core/actions/workflows/unit-tests.yaml) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/kubernetes.core)](https://app.codecov.io/gh/ansible-collections/kubernetes.core)
+
 ### Testing with `ansible-test`
 
 The `tests` directory contains configuration for running sanity and integration tests using [`ansible-test`](https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html).
@@ -231,9 +248,31 @@ After the version is published, verify it exists on the [Kubernetes Collection G
 
 The process for uploading a supported release to Automation Hub is documented separately.
 
-## More Information
+## Support
+
+<!--List available communication channels. In addition to channels specific to your collection, we also recommend to use the following ones.-->
+
+We announce releases and important changes through Ansible's [The Bullhorn newsletter](https://github.com/ansible/community/wiki/News#the-bullhorn). Be sure you are [subscribed](https://eepurl.com/gZmiEP).
+
+We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
+
+For more information about communication, refer to the [Ansible Communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
+For the latest supported versions, refer to the release notes below.
+
+If you encounter issues or have questions, you can submit a support request through the following channels:
+ - GitHub Issues: Report bugs, request features, or ask questions by opening an issue in the [GitHub repository]((https://github.com/ansible-collections/kubernetes.core/).
+
+## Release notes
+
+See the [raw generated changelog](https://github.com/ansible-collections/kubernetes.core/blob/main/CHANGELOG.rst).
+
+## Code of Conduct
+
+We follow the [Ansible Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html) in all our interactions within this project.
+
+If you encounter abusive behavior, please refer to the [policy violations](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html#policy-violations) section of the Code for information on how to raise a complaint.
 
-For more information about Ansible's Kubernetes integration, join the `#ansible-kubernetes` channel on [libera.chat](https://libera.chat/) IRC, and browse the resources in the [Kubernetes Working Group](https://github.com/ansible/community/wiki/Kubernetes) Community wiki page.
 
 ## License
 

changelogs/changelog.yaml

@@ -854,6 +854,51 @@ releases:
     - 652-fix-json-patch-action.yml
     - 654-helm-expand-user.yml
     release_date: '2024-05-16'
+  3.2.0:
+    changes:
+      minor_changes:
+      - connection/kubectl.py - Added an example of using the kubectl connection plugin
+        to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
+      - inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0
+        (https://github.com/ansible-collections/kubernetes.core/pull/734).
+      - inventory/k8s.py - Defer removal of k8s inventory plugin to version 5.0 (https://github.com/ansible-collections/kubernetes.core/pull/723).
+      release_summary: This release comes with documentation updates.
+    fragments:
+    - 20240530-defer-removal-and-ansible-core-support-update.yaml
+    - 20240601-doc-example-of-using-kubectl.yaml
+    - inventory-update_removal_date.yml
+    - 3.2.0.yml
+    release_date: '2024-06-14'
+  3.3.0:
+    changes:
+      bugfixes:
+      - helm - Helm version checks did not support RC versions. They now accept any
+        version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
+      - helm_pull - Apply no_log=True to pass_credentials to silence false positive
+        warning. (https://github.com/ansible-collections/kubernetes.core/pull/796).
+      - k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
+      - k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is
+        part of a stateful set  (https://github.com/ansible-collections/kubernetes.core/issues/792).
+      - kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
+      - kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
+      - waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
+      minor_changes:
+      - k8s_drain - Improve error message for pod disruption budget when draining
+        a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
+      release_summary: This release comes with improvements to the error messages in the k8s_drain module and several bug fixes.
+    fragments:
+    - 20240530-ansible-core-support-update.yaml
+    - 20240611-helm-rc-version.yaml
+    - 20240620-fix-kustomize-plugin-fails-with-deprecation-warnings.yml
+    - 20241102-fix-ci-post-2.18-issue.yaml
+    - 20241213-kubeconfig-set-no_log-true.yaml
+    - 756-fix-daemonset-waiting.yaml
+    - 770-fix-k8s-drain-doesnt-wait-for-single-pod.yaml
+    - 793-fix-k8s-drain-runs-into-timeout.yaml
+    - 796-false-positive-helmull.yaml
+    - 798-drain-pdb-error-message.yaml
+    - readme_template_update.yml
+    release_date: '2025-01-20'
   4.0.0:
     changes:
       bugfixes:
@@ -896,3 +941,61 @@ releases:
     - k8s-merge_type-removed.yml
     - module_utils-common-remove-deprecated-functions-and-class.yaml
     release_date: '2024-05-24'
+  5.0.0:
+    changes:
+      breaking_changes:
+      - Remove support for ``ansible-core<2.15`` (https://github.com/ansible-collections/kubernetes.core/pull/737).
+      minor_changes:
+      - inventory/k8s.py - Defer removal of k8s inventory plugin to version 6.0.0
+        (https://github.com/ansible-collections/kubernetes.core/pull/734).
+      - connection/kubectl.py - Added an example of using the kubectl connection plugin
+        to the documentation (https://github.com/ansible-collections/kubernetes.core/pull/741).
+      release_summary: This major release drops support for ``ansible-core<2.15``.
+    fragments:
+    - 20240530-ansible-core-support-update.yaml
+    - 20240530-defer-removal-and-ansible-core-support-update.yaml
+    - 5.0.0.yml
+    release_date: '2024-05-31'
+  5.1.0:
+    changes:
+      bugfixes:
+      - helm - Helm version checks did not support RC versions. They now accept any
+        version tags. (https://github.com/ansible-collections/kubernetes.core/pull/745).
+      - helm_pull - Apply no_log=True to pass_credentials to silence false positive
+        warning. (https://github.com/ansible-collections/kubernetes.core/pull/796).
+      - k8s_drain - Fix k8s_drain does not wait for single pod (https://github.com/ansible-collections/kubernetes.core/issues/769).
+      - k8s_drain - Fix k8s_drain runs into a timeout when evicting a pod which is
+        part of a stateful set  (https://github.com/ansible-collections/kubernetes.core/issues/792).
+      - kubeconfig option should not appear in module invocation log (https://github.com/ansible-collections/kubernetes.core/issues/782).
+      - kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
+      - waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
+      minor_changes:
+      - Bump version of ansible-lint to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
+      - Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify
+        (https://github.com/ansible-collections/kubernetes.core/pull/805).
+      - k8s_drain - Improve error message for pod disruption budget when draining
+        a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
+      release_summary: This release came with new module ``helm_registry_auth``, improvements
+        to the error messages in the k8s_drain module, new parameter ``insecure_registry`` for
+        ``helm_template`` module and several bug fixes.
+    fragments:
+    - 0-readme.yml
+    - 20240601-doc-example-of-using-kubectl.yaml
+    - 20240611-helm-rc-version.yaml
+    - 20240620-fix-kustomize-plugin-fails-with-deprecation-warnings.yml
+    - 20241102-fix-ci-post-2.18-issue.yaml
+    - 20241103-completly-remove-obsolate-communication-channel.yaml
+    - 20241207-add-insecure-skip-tls-verify-to-helm-template.yaml
+    - 20241213-kubeconfig-set-no_log-true.yaml
+    - 756-fix-daemonset-waiting.yaml
+    - 765-bump-ansible-lint-version.yml
+    - 770-fix-k8s-drain-doesnt-wait-for-single-pod.yaml
+    - 793-fix-k8s-drain-runs-into-timeout.yaml
+    - 796-false-positive-helmull.yaml
+    - 798-drain-pdb-error-message.yaml
+    - readme_template_update.yml
+    modules:
+    - description: Helm registry authentication module
+      name: helm_registry_auth
+      namespace: ''
+    release_date: '2025-01-20'

docs/kubernetes.core.helm_module.rst

@@ -443,7 +443,7 @@ Parameters
                     <div style="font-size: small">
                         <span style="color: purple">boolean</span>
                     </div>
-                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
                 </td>
                 <td>
                         <ul style="margin: 0; padding: 0"><b>Choices:</b>
@@ -463,7 +463,7 @@ Parameters
                     <div style="font-size: small">
                         <span style="color: purple">boolean</span>
                     </div>
-                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
                 </td>
                 <td>
                         <ul style="margin: 0; padding: 0"><b>Choices:</b>

docs/kubernetes.core.helm_registry_auth_module.rst

@@ -0,0 +1,332 @@
+.. _kubernetes.core.helm_registry_auth_module:
+
+
+**********************************
+kubernetes.core.helm_registry_auth
+**********************************
+
+**Helm registry authentication module**
+
+
+Version added: 5.1.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Helm registry authentication module allows you to login ``helm registry login`` and logout ``helm registry logout`` from a Helm registry.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- helm (https://github.com/helm/helm/releases) => 3.8.0
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>binary_path</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The path of a helm binary to use.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ca_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path to the CA certificate SSL file for verify registry server certificate.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>cert_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path to the client certificate SSL file for identify registry client using this certificate file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>host</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Provide a URL for accessing the registry.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: registry_url</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>insecure</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Allow connections to SSL sites without certs.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>key_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path to the client key SSL file for identify registry client using this key file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>password</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Password for the registry.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: repo_password</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>present</b>&nbsp;&larr;</div></li>
+                                    <li>absent</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Desired state of the registry.</div>
+                        <div>If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).</div>
+                        <div>If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>username</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Username for the registry.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: repo_username</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Login to remote registry
+      kubernetes.core.helm_registry_auth:
+        username: admin
+        password: "sample_password"
+        host: localhost:5000
+
+    - name: Logout from remote registry
+      kubernetes.core.helm_registry_auth:
+        state: absent
+        host: localhost:5000
+
+
+
+Return Values
+-------------
+Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
+
+.. raw:: html
+
+    <table border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Key</th>
+            <th>Returned</th>
+            <th width="100%">Description</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>command</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Full <code>helm</code> command executed</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>failed</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Indicate if the <code>helm</code> command failed</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>stderr</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Full <code>helm</code> command stderr, in case you want to display it or examine the event log. Please be note that helm binnary may print messages to stderr even if the command is successful.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">Login Succeeded\n</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>stderr_lines</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Full <code>helm</code> command stderr, in case you want to display it or examine the event log</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>stdout</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Full <code>helm</code> command stdout, in case you want to display it or examine the event log</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>stout_lines</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Full <code>helm</code> command stdout, in case you want to display it or examine the event log</div>
+                    <br/>
+                </td>
+            </tr>
+    </table>
+    <br/><br/>
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Yuriy Novostavskiy (@yurnov)

docs/kubernetes.core.helm_template_module.rst

@@ -158,6 +158,26 @@ Parameters
                         <div>Include custom resource descriptions in rendered templates.</div>
                 </td>
             </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>insecure_registry</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 5.1.0</div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Skip TLS certificate checks for the chart download</div>
+                </td>
+            </tr>
             <tr>
                 <td colspan="2">
                     <div class="ansibleOptionAnchor" id="parameter-"></div>

docs/kubernetes.core.k8s_drain_module.rst

@@ -423,7 +423,7 @@ Parameters
                         <span style="color: purple">list</span>
                          / <span style="color: purple">elements=string</span>
                     </div>
-                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
                 </td>
                 <td>
                 </td>

docs/kubernetes.core.k8s_info_module.rst

@@ -168,7 +168,7 @@ Parameters
                         <span style="color: purple">list</span>
                          / <span style="color: purple">elements=string</span>
                     </div>
-                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
                 </td>
                 <td>
                 </td>

docs/kubernetes.core.k8s_inventory.rst

@@ -17,7 +17,7 @@ DEPRECATED
 ----------
 :Removed in collection release after 
 :Why: As discussed in https://github.com/ansible-collections/kubernetes.core/issues/31, we decided to
-remove the k8s inventory plugin in release 5.0.0.
+remove the k8s inventory plugin in release 6.0.0.
 
 :Alternative: Use :ref:`kubernetes.core.k8s_info <kubernetes.core.k8s_info_module>` and :ref:`ansible.builtin.add_host <ansible.builtin.add_host_module>` instead.
 
@@ -357,7 +357,7 @@ Status
 ------
 
 
-- This inventory will be removed in version 5.0.0. *[deprecated]*
+- This inventory will be removed in version 6.0.0. *[deprecated]*
 - For more information see `DEPRECATED`_.
 
 

docs/kubernetes.core.k8s_module.rst

@@ -216,7 +216,7 @@ Parameters
                     <div style="font-size: small">
                         <span style="color: purple">boolean</span>
                     </div>
-                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
                 </td>
                 <td>
                         <ul style="margin: 0; padding: 0"><b>Choices:</b>
@@ -389,7 +389,7 @@ Parameters
                         <span style="color: purple">list</span>
                          / <span style="color: purple">elements=string</span>
                     </div>
-                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 2.5.0</div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 3.0.0</div>
                 </td>
                 <td>
                 </td>

docs/kubernetes.core.kubectl_connection.rst

@@ -365,6 +365,82 @@ Parameters
 
 
 
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Run a command in a pod using local kubectl with kubeconfig file ~/.kube/config
+      hosts: localhost
+      gather_facts: no
+      vars:
+        ansible_connection: kubernetes.core.kubectl
+        ansible_kubectl_namespace: my-namespace
+        ansible_kubectl_pod: my-pod
+        ansible_kubectl_container: my-container
+      tasks:
+        # be aware that the command is executed as the user that started the container
+        # and requires python to be installed in the image
+        - name: Run a command in a pod
+          ansible.builtin.command: echo "Hello, World!"
+
+    - name: Run a command in a pod using local kubectl with inventory variables
+      # Example inventory:
+      # k8s:
+      #   hosts:
+      #     foo.example.com:
+      #       ansible_connection: kubernetes.core.kubectl
+      #       ansible_kubectl_kubeconfig: /root/.kube/foo.example.com.config
+      #       ansible_kubectl_pod: my-foo-pod
+      #       ansible_kubectl_container: my-foo-container
+      #       ansible_kubectl_namespace: my-foo-namespace
+      #     bar.example.com:
+      #       ansible_connection: kubernetes.core.kubectl
+      #       ansible_kubectl_kubeconfig: /root/.kube/bar.example.com.config
+      #       ansible_kubectl_pod: my-bar-pod
+      #       ansible_kubectl_container: my-bar-container
+      #       ansible_kubectl_namespace: my-bar-namespace
+      hosts: k8s
+      gather_facts: no
+      tasks:
+        # be aware that the command is executed as the user that started the container
+        # and requires python to be installed in the image
+        - name: Run a command in a pod
+          ansible.builtin.command: echo "Hello, World!"
+
+    - name: Run a command in a pod using dynamic inventory
+      hosts: localhost
+      gather_facts: no
+      vars:
+        kubeconfig: /root/.kube/config
+        namespace: my-namespace
+        my_app: my-app
+      tasks:
+        - name: Get My App pod info based on label
+          kubernetes.core.k8s_info:
+            kubeconfig: "{{ kubeconfig }}"
+            namespace: "{{ namespace }}"
+            kind: Pod
+            label_selectors: app.kubernetes.io/name = "{{ my_app }}"
+          register: my_app_pod
+
+        - name: Get My App pod name
+          ansible.builtin.set_fact:
+            my_app_pod_name: "{{ my_app_pod.resources[0].metadata.name }}"
+
+        - name: Add My App pod to inventory
+          ansible.builtin.add_host:
+            name: "{{ my_app_pod_name }}"
+            ansible_connection: kubernetes.core.kubectl
+            ansible_kubectl_kubeconfig: "{{ kubeconfig }}"
+            ansible_kubectl_pod: "{{ my_app_pod_name }}"
+            ansible_kubectl_namespace: "{{ namespace }}"
+
+        - name: Run a command in My App pod
+          # be aware that the command is executed as the user that started the container
+          # and requires python to be installed in the image
+          ansible.builtin.command: echo "Hello, World!"
+          delegate_to: "{{ my_app_pod_name }}"
 
 
 

galaxy.yml

@@ -25,7 +25,7 @@ tags:
   - openshift
   - okd
   - cluster
-version: 4.0.0
+version: 5.1.0
 build_ignore:
   - .DS_Store
   - "*.tar.gz"

meta/runtime.yml

@@ -1,5 +1,5 @@
 ---
-requires_ansible: '>=2.14.0'
+requires_ansible: '>=2.15.0'
 
 action_groups:
   helm:
@@ -22,10 +22,10 @@ plugin_routing:
       redirect: community.okd.openshift
     k8s:
       deprecation:
-        removal_version: 5.0.0
+        removal_version: 6.0.0
         warning_text: >-
           The k8s inventory plugin has been deprecated and
-          will be removed in release 5.0.0.
+          will be removed in release 6.0.0.
   modules:
     k8s_auth:
       redirect: community.okd.k8s_auth

plugins/connection/kubectl.py

@@ -181,6 +181,81 @@ DOCUMENTATION = r"""
         aliases: [ kubectl_verify_ssl ]
 """
 
+EXAMPLES = r"""
+
+- name: Run a command in a pod using local kubectl with kubeconfig file ~/.kube/config
+  hosts: localhost
+  gather_facts: no
+  vars:
+    ansible_connection: kubernetes.core.kubectl
+    ansible_kubectl_namespace: my-namespace
+    ansible_kubectl_pod: my-pod
+    ansible_kubectl_container: my-container
+  tasks:
+    # be aware that the command is executed as the user that started the container
+    # and requires python to be installed in the image
+    - name: Run a command in a pod
+      ansible.builtin.command: echo "Hello, World!"
+
+- name: Run a command in a pod using local kubectl with inventory variables
+  # Example inventory:
+  # k8s:
+  #   hosts:
+  #     foo.example.com:
+  #       ansible_connection: kubernetes.core.kubectl
+  #       ansible_kubectl_kubeconfig: /root/.kube/foo.example.com.config
+  #       ansible_kubectl_pod: my-foo-pod
+  #       ansible_kubectl_container: my-foo-container
+  #       ansible_kubectl_namespace: my-foo-namespace
+  #     bar.example.com:
+  #       ansible_connection: kubernetes.core.kubectl
+  #       ansible_kubectl_kubeconfig: /root/.kube/bar.example.com.config
+  #       ansible_kubectl_pod: my-bar-pod
+  #       ansible_kubectl_container: my-bar-container
+  #       ansible_kubectl_namespace: my-bar-namespace
+  hosts: k8s
+  gather_facts: no
+  tasks:
+    # be aware that the command is executed as the user that started the container
+    # and requires python to be installed in the image
+    - name: Run a command in a pod
+      ansible.builtin.command: echo "Hello, World!"
+
+- name: Run a command in a pod using dynamic inventory
+  hosts: localhost
+  gather_facts: no
+  vars:
+    kubeconfig: /root/.kube/config
+    namespace: my-namespace
+    my_app: my-app
+  tasks:
+    - name: Get My App pod info based on label
+      kubernetes.core.k8s_info:
+        kubeconfig: "{{ kubeconfig }}"
+        namespace: "{{ namespace }}"
+        kind: Pod
+        label_selectors: app.kubernetes.io/name = "{{ my_app }}"
+      register: my_app_pod
+
+    - name: Get My App pod name
+      ansible.builtin.set_fact:
+        my_app_pod_name: "{{ my_app_pod.resources[0].metadata.name }}"
+
+    - name: Add My App pod to inventory
+      ansible.builtin.add_host:
+        name: "{{ my_app_pod_name }}"
+        ansible_connection: kubernetes.core.kubectl
+        ansible_kubectl_kubeconfig: "{{ kubeconfig }}"
+        ansible_kubectl_pod: "{{ my_app_pod_name }}"
+        ansible_kubectl_namespace: "{{ namespace }}"
+
+    - name: Run a command in My App pod
+      # be aware that the command is executed as the user that started the container
+      # and requires python to be installed in the image
+      ansible.builtin.command: echo "Hello, World!"
+      delegate_to: "{{ my_app_pod_name }}"
+"""
+
 import json
 import os
 import os.path

plugins/inventory/k8s.py

@@ -20,10 +20,10 @@ DOCUMENTATION = """
       - Uses k8s.(yml|yaml) YAML configuration file to set parameter values.
 
     deprecated:
-      removed_in: 5.0.0
+      removed_in: 6.0.0
       why: |
         As discussed in U(https://github.com/ansible-collections/kubernetes.core/issues/31), we decided to
-        remove the k8s inventory plugin in release 5.0.0.
+        remove the k8s inventory plugin in release 6.0.0.
       alternative: "Use M(kubernetes.core.k8s_info) and M(ansible.builtin.add_host) instead."
 
     options:
@@ -164,8 +164,8 @@ class InventoryModule(BaseInventoryPlugin, Constructable, Cacheable):
         super(InventoryModule, self).parse(inventory, loader, path)
 
         self.display.deprecated(
-            "The 'k8s' inventory plugin has been deprecated and will be removed in release 5.0.0",
-            version="5.0.0",
+            "The 'k8s' inventory plugin has been deprecated and will be removed in release 6.0.0",
+            version="6.0.0",
             collection_name="kubernetes.core",
         )
         cache_key = self._get_cache_prefix(path)

plugins/lookup/kustomize.py

@@ -94,7 +94,8 @@ def get_binary_from_path(name, opt_dirs=None):
 
 def run_command(command):
     cmd = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    return cmd.communicate()
+    stdout, stderr = cmd.communicate()
+    return cmd.returncode, stdout, stderr
 
 
 class LookupModule(LookupBase):
@@ -140,9 +141,18 @@ class LookupModule(LookupBase):
         if enable_helm:
             command += ["--enable-helm"]
 
-        (out, err) = run_command(command)
+        (ret, out, err) = run_command(command)
+        if ret != 0:
             if err:
                 raise AnsibleLookupError(
-                "kustomize command failed with: {0}".format(err.decode("utf-8"))
+                    "kustomize command failed. exit code: {0}, error: {1}".format(
+                        ret, err.decode("utf-8")
+                    )
+                )
+            else:
+                raise AnsibleLookupError(
+                    "kustomize command failed with unknown error. exit code: {0}".format(
+                        ret
+                    )
                 )
         return [out.decode("utf-8")]

plugins/module_utils/args_common.py

@@ -18,7 +18,7 @@ AUTH_PROXY_HEADERS_SPEC = dict(
 )
 
 AUTH_ARG_SPEC = {
-    "kubeconfig": {"type": "raw"},
+    "kubeconfig": {"type": "raw", "no_log": True},
     "context": {},
     "host": {},
     "api_key": {"no_log": True},

plugins/module_utils/helm.py

@@ -77,7 +77,6 @@ def write_temp_kubeconfig(server, validate_certs=True, ca_cert=None, kubeconfig=
 
 
 class AnsibleHelmModule(object):
-
     """
     An Ansible module class for Kubernetes.core helm modules
     """
@@ -160,11 +159,13 @@ class AnsibleHelmModule(object):
             self.helm_env = self._prepare_helm_environment()
         return self.helm_env
 
-    def run_helm_command(self, command, fails_on_error=True):
+    def run_helm_command(self, command, fails_on_error=True, data=None):
         if not HAS_YAML:
             self.fail_json(msg=missing_required_lib("PyYAML"), exception=YAML_IMP_ERR)
 
-        rc, out, err = self.run_command(command, environ_update=self.env_update)
+        rc, out, err = self.run_command(
+            command, environ_update=self.env_update, data=data
+        )
         if fails_on_error and rc != 0:
             self.fail_json(
                 msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(
@@ -184,10 +185,10 @@ class AnsibleHelmModule(object):
     def get_helm_version(self):
         command = self.get_helm_binary() + " version"
         rc, out, err = self.run_command(command)
-        m = re.match(r'version.BuildInfo{Version:"v([0-9\.]*)",', out)
+        m = re.match(r'version.BuildInfo{Version:"v(.*?)",', out)
         if m:
             return m.group(1)
-        m = re.match(r'Client: &version.Version{SemVer:"v([0-9\.]*)", ', out)
+        m = re.match(r'Client: &version.Version{SemVer:"v(.*?)", ', out)
         if m:
             return m.group(1)
         return None

plugins/module_utils/helm_args_common.py

@@ -16,6 +16,7 @@ HELM_AUTH_ARG_SPEC = dict(
         type="raw",
         aliases=["kubeconfig_path"],
         fallback=(env_fallback, ["K8S_AUTH_KUBECONFIG"]),
+        no_log=True,
     ),
     host=dict(type="str", fallback=(env_fallback, ["K8S_AUTH_HOST"])),
     ca_cert=dict(

plugins/module_utils/k8s/waiter.py

@@ -51,7 +51,7 @@ def daemonset_ready(daemonset: ResourceInstance) -> bool:
     return bool(
         daemonset.status
         and daemonset.status.desiredNumberScheduled is not None
-        and daemonset.status.updatedNumberScheduled
+        and (daemonset.status.updatedNumberScheduled or 0)
         == daemonset.status.desiredNumberScheduled
         and daemonset.status.numberReady == daemonset.status.desiredNumberScheduled
         and daemonset.status.observedGeneration == daemonset.metadata.generation

plugins/modules/helm.py

@@ -137,14 +137,14 @@ options:
       - If I(reset_values) is set to C(True), this is ignored.
     type: bool
     required: false
-    version_added: 2.5.0
+    version_added: 3.0.0
   reset_values:
     description:
       - When upgrading package, reset the values to the ones built into the chart.
     type: bool
     required: false
     default: True
-    version_added: 2.5.0
+    version_added: 3.0.0
 
 #Helm options
   disable_hook:

plugins/modules/helm_pull.py

@@ -189,7 +189,7 @@ def main():
         repo_password=dict(
             type="str", no_log=True, aliases=["password", "chart_repo_password"]
         ),
-        pass_credentials=dict(type="bool", default=False),
+        pass_credentials=dict(type="bool", default=False, no_log=False),
         skip_tls_certs_check=dict(type="bool", default=False),
         chart_devel=dict(type="bool"),
         untar_chart=dict(type="bool", default=False),

plugins/modules/helm_registry_auth.py

@@ -0,0 +1,238 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: © Ericsson AB 2024
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = r"""
+---
+module: helm_registry_auth
+
+short_description: Helm registry authentication module
+
+version_added: 5.1.0
+
+author:
+  - Yuriy Novostavskiy (@yurnov)
+
+requirements:
+  - "helm (https://github.com/helm/helm/releases) => 3.8.0"
+
+description:
+  -  Helm registry authentication module allows you to login C(helm registry login) and logout C(helm registry logout) from a Helm registry.
+
+options:
+  state:
+    description:
+      - Desired state of the registry.
+      - If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).
+      - If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).
+    required: false
+    default: present
+    choices: ['present', 'absent']
+    type: str
+  host:
+    description:
+      - Provide a URL for accessing the registry.
+    required: true
+    aliases: [ registry_url ]
+    type: str
+  insecure:
+    description:
+      - Allow connections to SSL sites without certs.
+    required: false
+    default: false
+    type: bool
+  username:
+    description:
+      - Username for the registry.
+    required: false
+    type: str
+    aliases: [ repo_username ]
+  password:
+    description:
+      - Password for the registry.
+    required: false
+    type: str
+    aliases: [ repo_password ]
+  key_file:
+    description:
+      - Path to the client key SSL file for identify registry client using this key file.
+    required: false
+    type: path
+  cert_file:
+    description:
+      - Path to the client certificate SSL file for identify registry client using this certificate file.
+    required: false
+    type: path
+  ca_file:
+    description:
+      - Path to the CA certificate SSL file for verify registry server certificate.
+    required: false
+    type: path
+  binary_path:
+    description:
+      - The path of a helm binary to use.
+    required: false
+    type: path
+"""
+
+EXAMPLES = r"""
+- name: Login to remote registry
+  kubernetes.core.helm_registry_auth:
+    username: admin
+    password: "sample_password"
+    host: localhost:5000
+
+- name: Logout from remote registry
+  kubernetes.core.helm_registry_auth:
+    state: absent
+    host: localhost:5000
+"""
+
+RETURN = r"""
+stdout:
+  type: str
+  description: Full C(helm) command stdout, in case you want to display it or examine the event log
+  returned: always
+stout_lines:
+  type: list
+  description: Full C(helm) command stdout, in case you want to display it or examine the event log
+  returned: always
+stderr:
+  type: str
+  description: >-
+    Full C(helm) command stderr, in case you want to display it or examine the event log.
+    Please be note that helm binnary may print messages to stderr even if the command is successful.
+  returned: always
+  sample: 'Login Succeeded\n'
+stderr_lines:
+  type: list
+  description: Full C(helm) command stderr, in case you want to display it or examine the event log
+  returned: always
+command:
+  type: str
+  description: Full C(helm) command executed
+  returned: always
+  sample: '/usr/local/bin/helm registry login oci-registry.domain.example --username=admin --password-stdin --insecure'
+failed:
+  type: bool
+  description: Indicate if the C(helm) command failed
+  returned: always
+  sample: false
+"""
+
+from ansible_collections.kubernetes.core.plugins.module_utils.helm import (
+    AnsibleHelmModule,
+)
+
+
+def arg_spec():
+    return dict(
+        binary_path=dict(type="path", required=False),
+        host=dict(type="str", aliases=["registry_url"], required=True),
+        state=dict(default="present", choices=["present", "absent"], required=False),
+        insecure=dict(type="bool", default=False, required=False),
+        username=dict(type="str", aliases=["repo_username"], required=False),
+        password=dict(
+            type="str", aliases=["repo_password"], no_log=True, required=False
+        ),
+        key_file=dict(type="path", required=False),
+        cert_file=dict(type="path", required=False),
+        ca_file=dict(type="path", required=False),
+    )
+
+
+def login(
+    command,
+    host,
+    insecure,
+    username,
+    password,
+    key_file,
+    cert_file,
+    ca_file,
+):
+    login_command = command + " registry login " + host
+
+    if username is not None and password is not None:
+        login_command += " --username=" + username + " --password-stdin"
+
+    if insecure:
+        login_command += " --insecure"
+
+    if key_file is not None:
+        login_command += " --key-file=" + key_file
+
+    if cert_file is not None:
+        login_command += " --cert-file=" + cert_file
+
+    if ca_file is not None:
+        login_command += " --ca-file=" + ca_file
+
+    return login_command
+
+
+def logout(command, host):
+    return command + " registry logout " + host
+
+
+def main():
+    global module
+
+    module = AnsibleHelmModule(
+        argument_spec=arg_spec(),
+        required_together=[["username", "password"]],
+        supports_check_mode=True,
+    )
+
+    changed = False
+
+    host = module.params.get("host")
+    state = module.params.get("state")
+    insecure = module.params.get("insecure")
+    username = module.params.get("username")
+    password = module.params.get("password")
+    key_file = module.params.get("key_file")
+    cert_file = module.params.get("cert_file")
+    ca_file = module.params.get("ca_file")
+
+    helm_cmd = module.get_helm_binary()
+
+    if state == "absent":
+        helm_cmd = logout(helm_cmd, host)
+        changed = True
+    elif state == "present":
+        helm_cmd = login(
+            helm_cmd, host, insecure, username, password, key_file, cert_file, ca_file
+        )
+        changed = True
+
+    if module.check_mode:
+        module.exit_json(changed=changed, command=helm_cmd)
+
+    rc, out, err = module.run_helm_command(
+        helm_cmd, data=password, fails_on_error=False
+    )
+
+    if rc != 0:
+        if state == "absent" and "Error: not logged in" in err:
+            changed = False
+        else:
+            module.fail_json(
+                msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(
+                    rc, out, err
+                ),
+                stderr=err,
+                command=helm_cmd,
+            )
+
+    module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd)
+
+
+if __name__ == "__main__":
+    main()

plugins/modules/helm_template.py

@@ -72,6 +72,13 @@ options:
       - If the directory already exists, it will be overwritten.
     required: false
     type: path
+  insecure_registry:
+    description:
+      - Skip TLS certificate checks for the chart download
+    required: false
+    type: bool
+    default: false
+    version_added: 5.1.0
   release_name:
     description:
       - Release name to use in rendered templates.
@@ -221,6 +228,7 @@ def template(
     dependency_update=None,
     disable_hook=None,
     output_dir=None,
+    insecure_registry=None,
     show_only=None,
     release_name=None,
     release_namespace=None,
@@ -251,6 +259,9 @@ def template(
     if output_dir:
         cmd += " --output-dir=" + output_dir
 
+    if insecure_registry:
+        cmd += " --insecure-skip-tls-verify"
+
     if show_only:
         for template in show_only:
             cmd += " -s " + template
@@ -289,6 +300,7 @@ def main():
             include_crds=dict(type="bool", default=False),
             release_name=dict(type="str", aliases=["name"]),
             output_dir=dict(type="path"),
+            insecure_registry=dict(type="bool", default=False),
             release_namespace=dict(type="str"),
             release_values=dict(type="dict", default={}, aliases=["values"]),
             show_only=dict(type="list", default=[], elements="str"),
@@ -308,6 +320,7 @@ def main():
     include_crds = module.params.get("include_crds")
     release_name = module.params.get("release_name")
     output_dir = module.params.get("output_dir")
+    insecure_registry = module.params.get("insecure_registry")
     show_only = module.params.get("show_only")
     release_namespace = module.params.get("release_namespace")
     release_values = module.params.get("release_values")
@@ -337,6 +350,7 @@ def main():
         disable_hook=disable_hook,
         release_name=release_name,
         output_dir=output_dir,
+        insecure_registry=insecure_registry,
         release_namespace=release_namespace,
         release_values=release_values,
         show_only=show_only,

plugins/modules/k8s.py

@@ -181,7 +181,7 @@ options:
     - This parameter can be used with C(label_selectors) to restrict the resources to be deleted.
     type: bool
     default: false
-    version_added: 2.5.0
+    version_added: 3.0.0
     aliases:
     - all
   hidden_fields:
@@ -191,7 +191,7 @@ options:
       - Only field definitions that don't reference list items are supported (so V(spec.containers[0]) would not work)
     type: list
     elements: str
-    version_added: 2.5.0
+    version_added: 3.0.0
 
 requirements:
   - "python >= 3.9"

plugins/modules/k8s_drain.py

@@ -47,7 +47,7 @@ options:
       - This option has effect only when C(state) is set to I(drain).
     type: list
     elements: str
-    version_added: 2.5.0
+    version_added: 3.0.0
     aliases:
     - label_selectors
   delete_options:
@@ -106,6 +106,7 @@ EXAMPLES = r"""
   kubernetes.core.k8s_drain:
     state: drain
     name: foo
+    delete_options:
       force: yes
 
 - name: Drain node "foo", but abort if there are pods not managed by a ReplicationController, Job, or DaemonSet, and use a grace period of 15 minutes.
@@ -143,6 +144,7 @@ result:
 """
 
 import copy
+import json
 import time
 import traceback
 from datetime import datetime
@@ -187,6 +189,17 @@ except ImportError:
         HAS_EVICTION_API = False
 
 
+def format_dynamic_api_exc(exc):
+    if exc.body:
+        if exc.headers and exc.headers.get("Content-Type") == "application/json":
+            message = json.loads(exc.body).get("message")
+            if message:
+                return message
+        return exc.body
+    else:
+        return "%s Reason: %s" % (exc.status, exc.reason)
+
+
 def filter_pods(pods, force, ignore_daemonset, delete_emptydir_data):
     k8s_kind_mirror = "kubernetes.io/config.mirror"
     daemonSet, unmanaged, mirror, localStorage, to_delete = [], [], [], [], []
@@ -291,16 +304,19 @@ class K8sDrainAnsible(object):
             return (datetime.now() - start).seconds
 
         response = None
-        pod = pods.pop()
+        pod = None
         while (_elapsed_time() < wait_timeout or wait_timeout == 0) and pods:
             if not pod:
-                pod = pods.pop()
+                pod = pods[-1]
             try:
                 response = self._api_instance.read_namespaced_pod(
                     namespace=pod[0], name=pod[1]
                 )
-                if not response:
+                if not response or response.spec.node_name != self._module.params.get(
+                    "name"
+                ):
                     pod = None
+                    del pods[-1]
                 time.sleep(wait_sleep)
             except ApiException as exc:
                 if exc.reason != "Not Found":
@@ -308,6 +324,7 @@ class K8sDrainAnsible(object):
                         msg="Exception raised: {0}".format(exc.reason)
                     )
                 pod = None
+                del pods[-1]
             except Exception as e:
                 self._module.fail_json(msg="Exception raised: {0}".format(to_native(e)))
         if not pods:
@@ -334,7 +351,7 @@ class K8sDrainAnsible(object):
                 if exc.reason != "Not Found":
                     self._module.fail_json(
                         msg="Failed to delete pod {0}/{1} due to: {2}".format(
-                            namespace, name, exc.reason
+                            namespace, name, to_native(format_dynamic_api_exc(exc))
                         )
                     )
             except Exception as exc:

plugins/modules/k8s_info.py

@@ -51,7 +51,7 @@ options:
       - Only field definitions that don't reference list items are supported (so V(spec.containers[0]) would not work)
     type: list
     elements: str
-    version_added: 2.5.0
+    version_added: 3.0.0
 
 extends_documentation_fragment:
   - kubernetes.core.k8s_auth_options

tests/integration/targets/helm/tasks/main.yml

@@ -4,4 +4,4 @@
   loop_control:
     loop_var: helm_version
   with_items:
-    - "v3.7.0"
+    - "v3.8.0"

tests/integration/targets/helm/tasks/test_helm_reuse_values.yml

@@ -17,8 +17,7 @@
     - name: Initial chart installation
       helm:
         binary_path: "{{ helm_binary }}"
-        chart_ref: redis
-        chart_repo_url: https://charts.bitnami.com/bitnami
+        chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
         release_name: test-redis
         release_namespace: "{{ helm_namespace }}"
         create_namespace: true
@@ -42,8 +41,7 @@
     - name: Upgrade chart using reuse_values=true
       helm:
         binary_path: "{{ helm_binary }}"
-        chart_ref: redis
-        chart_repo_url: https://charts.bitnami.com/bitnami
+        chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
         release_name: test-redis
         release_namespace: "{{ helm_namespace }}"
         reuse_values: true

tests/integration/targets/helm/tasks/tests_chart.yml

@@ -374,8 +374,8 @@
         chart_ref: "{{ chart_source }}"
         chart_version: "{{ chart_source_version | default(omit) }}"
         disable_hook: True
-        release_name: "MyRelease"
-        release_namespace: "MyReleaseNamespace"
+        release_name: "myrelease"
+        release_namespace: "myreleasenamespace"
         show_only:
           - "templates/configmap.yaml"
         release_values:
@@ -388,7 +388,7 @@
           - result is changed
           - result is not failed
           - result.rc == 0
-          - result.command is match(helm_binary+" template MyRelease "+chart_source)
+          - result.command is match(helm_binary+" template myrelease "+chart_source)
           - result.stdout is search("ThisValue")
       when: chart_source is search("test-chart")
       # limit assertion of test result to controlled (local) chart_source

tests/integration/targets/helm_diff/files/test-chart-deployment-time/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: test-chart-deployment-time
+description: A chart with a config map containing the deployment time in data
+type: application
+version: 0.1.0
+appVersion: "default"

tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ default "ansible-configmap" .Values.myConfigmapName }}
+data:
+  myValue: {{ default "test" .Values.myValue }}
+  deploymentTime: {{ now }}

tests/integration/targets/helm_diff/meta/main.yml

@@ -2,3 +2,4 @@
 dependencies:
   - remove_namespace
   - install_helm
+  - setup_helm_registry

tests/integration/targets/helm_diff/tasks/main.yml

@@ -2,7 +2,6 @@
 - name: Test helm diff functionality
   vars:
     test_chart_ref: "/tmp/test-chart"
-    redis_chart_version: '17.0.5'
 
   block:
 
@@ -24,7 +23,7 @@
         name: test-chart
         namespace: "{{ helm_namespace }}"
         chart_ref: "{{ test_chart_ref }}"
-        create_namespace: yes
+        create_namespace: true
       register: install
 
     - assert:
@@ -49,8 +48,8 @@
         name: test-chart
         namespace: "{{ helm_namespace }}"
         chart_ref: "{{ test_chart_ref }}"
-      check_mode: yes
-      diff: yes
+      check_mode: true
+      diff: true
       register: diff_result
 
     - name: Check if helm diff check is correct
@@ -79,7 +78,7 @@
         namespace: "{{ helm_namespace }}"
         chart_ref: "{{ test_chart_ref }}"
       check_mode: yes
-      diff: yes
+      diff: true
       register: diff_result
 
     - name: Check if no diff in check mode when no change
@@ -101,7 +100,7 @@
 
     - name: Modify values
       blockinfile:
-        create: yes
+        create: true
         path: "{{ test_chart_ref }}/values.yml"
         block: |
           ---
@@ -206,52 +205,76 @@
           - install is not changed
 
     # Test helm diff with chart_repo_url
-    - name: Define Redis chart values
-      set_fact:
-        redis_chart_values:
-          commonLabels:
-            phase: testing
-            company: RedHat
-          image:
-            tag: 6.2.6-debian-10-r135
-          architecture: standalone
-
-    - name: Install Redis chart
-      helm:
-        binary_path: "{{ helm_binary }}"
-        chart_repo_url: https://charts.bitnami.com/bitnami
-        chart_ref: redis
-        namespace: "{{ helm_namespace }}"
-        name: redis-chart
-        chart_version: "{{ redis_chart_version }}"
-        release_values: "{{ redis_chart_values }}"
-
-    - name: Upgrade Redis chart
-      helm:
-        binary_path: "{{ helm_binary }}"
-        chart_repo_url: https://charts.bitnami.com/bitnami
-        chart_ref: redis
-        namespace: "{{ helm_namespace }}"
-        name: redis-chart
-        chart_version: "{{ redis_chart_version }}"
-        release_values: "{{ redis_chart_values }}"
-      check_mode: yes
-      register: redis_upgrade
-
-    - name: Assert that module raised a warning
-      assert:
-        that:
-          - not redis_upgrade.changed
-          - redis_upgrade.warnings is defined
-          - redis_upgrade.warnings | length == 1
-          - redis_upgrade.warnings[0] == "The default idempotency check can fail to report changes in certain cases. Install helm diff >= 3.4.1 for better results."
-
     - name: Uninstall helm diff
       helm_plugin:
         binary_path: "{{ helm_binary }}"
         state: absent
         plugin_name: diff
-      ignore_errors: yes
+      ignore_errors: true
+
+    - name: Define chart variables
+      set_fact:
+        test_chart_values:
+          myValue: 'Some ConfigMap data value'
+          myConfigmapName: 'ansible-config-from-url'
+        test_chart_version: 0.1.0
+        test_chart_ref_url: "oci://localhost:6035/testing/test-chart-deployment-time"
+
+    - name: Deploy chart to remote registry
+      block:
+        - name: Create local directory to copy chart in
+          ansible.builtin.tempfile:
+            suffix: .chart
+            state: directory
+          register: _tmpd
+
+        - name: Copy local registry
+          ansible.builtin.copy:
+            dest: "{{ _tmpd.path }}"
+            src: '{{ role_path }}/files/test-chart-deployment-time'
+
+        - name: Push chart to helm registry
+          ansible.builtin.include_role:
+            name: push_to_helm_registry
+          vars:
+            chart_local_path: '{{ _tmpd.path }}/test-chart-deployment-time'
+            chart_repo_path: 'testing'
+      always:
+        - name: Delete temporary directory
+          ansible.builtin.file:
+            state: absent
+            path: '{{ _tmpd.path }}'
+
+    - name: Log into Helm registry
+      ansible.builtin.command: "{{ helm_binary }} registry login -u testuser -p 'pass123!' localhost:6035"
+
+    - name: Install chart from remote URL
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ test_chart_ref_url }}"
+        chart_version: 0.1.0
+        namespace: "{{ helm_namespace }}"
+        name: another-chart
+        release_values: "{{ test_chart_values }}"
+
+    - name: Upgrade chart
+      helm:
+        binary_path: "{{ helm_binary }}"
+        chart_ref: "{{ test_chart_ref_url }}"
+        chart_version: 0.1.0
+        namespace: "{{ helm_namespace }}"
+        name: another-chart
+        release_values: "{{ test_chart_values }}"
+      check_mode: true
+      register: _upgrade
+
+    - name: Assert that module raised a warning
+      assert:
+        that:
+          - not _upgrade.changed
+          - _upgrade.warnings is defined
+          - _upgrade.warnings | length == 1
+          - _upgrade.warnings[0] == "The default idempotency check can fail to report changes in certain cases. Install helm diff >= 3.4.1 for better results."
 
     - name: Install helm diff (version=3.4.1)
       helm_plugin:
@@ -260,37 +283,36 @@
         plugin_path: https://github.com/databus23/helm-diff
         plugin_version: 3.4.1
 
-    - name: Upgrade Redis chart once again
+    - name: Upgrade chart once again
       helm:
         binary_path: "{{ helm_binary }}"
-        chart_repo_url: https://charts.bitnami.com/bitnami
-        chart_ref: redis
+        chart_ref: "{{ test_chart_ref_url }}"
+        chart_version: 0.1.0
         namespace: "{{ helm_namespace }}"
-        name: redis-chart
-        chart_version: "{{ redis_chart_version }}"
-        release_values: "{{ redis_chart_values }}"
-      check_mode: yes
-      register: redis_upgrade_2
+        name: another-chart
+        release_values: "{{ test_chart_values }}"
+      check_mode: true
+      register: _upgrade_2
 
     - name: Assert that module raised a warning
       assert:
         that:
-          - redis_upgrade_2.changed
-          - redis_upgrade_2.warnings is not defined
+          - _upgrade_2.changed
+          - _upgrade_2.warnings is not defined
 
   always:
     - name: Remove chart directory
       file:
         path: "{{ test_chart_ref }}"
         state: absent
-      ignore_errors: yes
+      ignore_errors: true
 
     - name: Uninstall helm diff
       helm_plugin:
         binary_path: "{{ helm_binary }}"
         state: absent
         plugin_name: diff
-      ignore_errors: yes
+      ignore_errors: true
 
     - name: Remove helm namespace
       k8s:
@@ -299,6 +321,6 @@
         name: "{{ helm_namespace }}"
         state: absent
         wait: true
-      ignore_errors: yes
+      ignore_errors: true
 
 - include_tasks: reuse_values.yml

tests/integration/targets/helm_kubeconfig/tasks/tests_helm_auth.yml

@@ -18,7 +18,12 @@
 - set_fact:
     saved_kubeconfig_path: "{{ _dir.path }}/config"
 
-- block:
+- vars:
+    helm_repo_name: autoscaler
+    helm_repo_url: "https://kubernetes.github.io/autoscaler"
+    helm_release_name: "autoscaler"
+    helm_chart_name: "cluster-autoscaler"
+  block:
     - name: Copy default kubeconfig
       copy:
         remote_src: true
@@ -59,14 +64,14 @@
           - plugin_info.plugin_list != []
 
     # helm_repository, helm, helm_info
-    - name: Add test_bitnami chart repository
+    - name: 'Add "{{ helm_repo_name }}" chart repository'
       helm_repository:
         binary_path: "{{ helm_binary }}"
-        name: test_bitnami
+        name: "{{ helm_repo_name }}"
         kubeconfig: "{{ test_kubeconfig | default(omit) }}"
         validate_certs: "{{ test_validate_certs | default(omit) }}"
         ca_cert: "{{ test_ca_cert | default(omit) }}"
-        repo_url: https://charts.bitnami.com/bitnami
+        repo_url: "{{ helm_repo_url }}"
       register: repository
 
     - name: Assert that repository was added
@@ -77,8 +82,8 @@
     - name: Install chart from repository added before
       helm:
         binary_path: "{{ helm_binary }}"
-        name: rabbitmq
-        chart_ref: test_bitnami/rabbitmq
+        name: "{{ helm_release_name }}"
+        chart_ref: "{{ helm_repo_name }}/{{ helm_chart_name }}"
         namespace: "{{ helm_namespace }}"
         update_repo_cache: true
         kubeconfig: "{{ test_kubeconfig | default(omit) }}"
@@ -98,7 +103,7 @@
         kubeconfig: "{{ test_kubeconfig | default(omit) }}"
         validate_certs: "{{ test_validate_certs | default(omit) }}"
         ca_cert: "{{ test_ca_cert | default(omit) }}"
-        name: "rabbitmq"
+        name: "{{ helm_release_name }}"
         namespace: "{{ helm_namespace }}"
       register: chart_info
 
@@ -112,7 +117,7 @@
     - name: Remove chart
       helm:
         binary_path: "{{ helm_binary }}"
-        name: rabbitmq
+        name: "{{ helm_release_name }}"
         namespace: "{{ helm_namespace }}"
         kubeconfig: "{{ test_kubeconfig | default(omit) }}"
         validate_certs: "{{ test_validate_certs | default(omit) }}"
@@ -131,7 +136,7 @@
         kubeconfig: "{{ test_kubeconfig | default(omit) }}"
         validate_certs: "{{ test_validate_certs | default(omit) }}"
         ca_cert: "{{ test_ca_cert | default(omit) }}"
-        name: "rabbitmq"
+        name: "{{ helm_release_name }}"
         namespace: "{{ helm_namespace }}"
       register: chart_info
 
@@ -143,7 +148,7 @@
     - name: Remove chart repository
       helm_repository:
         binary_path: "{{ helm_binary }}"
-        name: test_bitnami
+        name: "{{ helm_repo_name }}"
         kubeconfig: "{{ test_kubeconfig | default(omit) }}"
         validate_certs: "{{ test_validate_certs | default(omit) }}"
         ca_cert: "{{ test_ca_cert | default(omit) }}"
@@ -192,6 +197,6 @@
     - name: Delete helm repository
       helm_repository:
         binary_path: "{{ helm_binary }}"
-        name: test_bitnami
+        name: "{{ helm_repo_name }}"
         state: absent
       ignore_errors: true

tests/integration/targets/helm_pull/tasks/main.yml

@@ -180,6 +180,7 @@
               - '"--username ansible" in _result.command'
               - '"--password ***" in _result.command'
               - '"--keyring pubring.gpg" in _result.command'
+              - '"Module did not set no_log for pass_credentials" not in _result.stderr'
 
         - name: Download chart using chart_ref
           helm_pull:
@@ -203,9 +204,8 @@
         - name: Download chart using untar_chart
           helm_pull:
             binary_path: "{{ helm_path }}"
-            chart_ref: redis
+            chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
             destination: "{{ destination }}"
-            repo_url: "https://charts.bitnami.com/bitnami"
             untar_chart: true
           register: _result
 

tests/integration/targets/helm_registry_auth/aliases

@@ -0,0 +1,2 @@
+time=16
+helm_registry_auth

tests/integration/targets/helm_registry_auth/defaults/main.yaml

@@ -0,0 +1,9 @@
+---
+# Username and password for the registry
+# ../files/registry.password contains username and hashed password
+username: testuser
+password: testpassword
+wrong_password: 'WrongPassword'
+registry_name: oci_registry
+registry_port: 5000
+test_chart: https://github.com/grafana/helm-charts/releases/download/k8s-monitoring-1.6.8/k8s-monitoring-1.6.8.tgz

tests/integration/targets/helm_registry_auth/files/registry.password

@@ -0,0 +1 @@
+testuser:$2y$05$PmdUjSCJYdRUZlsYy8QGWuJDiwuHtWXa28YrELlN5haeHkZ1seZZG

tests/integration/targets/helm_registry_auth/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - install_helm

tests/integration/targets/helm_registry_auth/playbook.yaml

@@ -0,0 +1,7 @@
+---
+- name: Test helm_registry_auth module
+  hosts: localhost
+  connection: local
+  gather_facts: true
+  roles:
+  - helm_registry_auth

tests/integration/targets/helm_registry_auth/runme.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -eux
+export ANSIBLE_CALLBACKS_ENABLED=profile_tasks
+export ANSIBLE_ROLES_PATH=../
+ansible-playbook playbook.yaml "$@"

tests/integration/targets/helm_registry_auth/tasks/main.yaml

@@ -0,0 +1,178 @@
+---
+- name: Run module test
+  # using a shell and command module to run the test as test can be non-idempotent
+  # and it allow to not install any additional dependencies
+  block:
+    - name: Ensure that helm is installed
+      ansible.builtin.shell: helm version --client --short | grep v3
+      register: _helm_version
+      failed_when: _helm_version.rc != 0
+
+    - name: Ensure that Docker demon is running
+      ansible.builtin.command: "docker info"
+      register: _docker_info
+      failed_when: _docker_info.rc != 0
+
+    - name: Create a tmpfile htpasswd directory
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: .httppasswd
+      register: _tmpfile
+
+    - name: Copy htpasswd to the tmpfile directory
+      ansible.builtin.copy:
+        src: registry.password
+        dest: "{{ _tmpfile.path }}/registry.password"
+
+    - name: Setup the registry
+      ansible.builtin.command: >-
+        docker run -d --rm
+        -p {{ registry_port }}:5000
+        --name "{{ registry_name }}"
+        -v "{{ _tmpfile.path }}:/auth"
+        -e "REGISTRY_AUTH=htpasswd"
+        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
+        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password
+        registry:2
+      register: _setup_registry
+      failed_when: _setup_registry.rc != 0
+
+    - name: Ensure that the registry is running and rechable
+      ansible.builtin.wait_for:
+        host: localhost
+        port: "{{ registry_port }}"
+
+    - name: Test the registry with correct credentials to ensure that the registry is running
+      ansible.builtin.shell: >-
+        echo {{ password | quote }} | helm registry login localhost:{{ registry_port }}
+        -u {{ username }} --password-stdin
+      register: _login_correct
+      failed_when: _login_correct.rc != 0
+
+    - name: Clean up credentials to run test on clean environment
+      ansible.builtin.shell: >-
+        helm registry logout localhost:{{ registry_port }}
+      register: _logout
+      failed_when: _logout.rc != 0
+
+    - name: Create directory for helm chart
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: ".helm"
+      register: _destination
+
+    - name: Pull test helm chart
+      ansible.builtin.uri:
+        url: "{{ test_chart }}"
+        dest: "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"
+        return_content: no
+        status_code: 200
+
+    - name: Test module helm_registry_auth with correct credentials
+      helm_registry_auth:
+        username: "{{ username }}"
+        password: "{{ password }}"
+        host: localhost:{{ registry_port }}
+        state: present
+      register: _helm_registry_auth_correct
+
+    - name: Assert that the registry is logged in
+      # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464
+      assert:
+        that:
+          - "'Login Succeeded' in _helm_registry_auth_correct.stderr"
+          - "'{{ password }}' not in _helm_registry_auth_correct.command"
+          - "'{{ password }}' not in _helm_registry_auth_correct.stdout"
+          - "'{{ password }}' not in _helm_registry_auth_correct.stderr"
+
+    - name: Ensure that push to the registry is working
+      ansible.builtin.shell: >-
+        helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"  oci://localhost:{{ registry_port }}/test/
+      register: _save_chart
+      failed_when: _save_chart.rc != 0
+
+    - name: Assert that the chart is saved
+      # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464
+      assert:
+        that: "'Pushed: localhost:{{ registry_port }}/test/k8s-monitoring' in _save_chart.stderr"
+
+
+    - name: Test logout
+      helm_registry_auth:
+        host: localhost:{{ registry_port }}
+        state: absent
+      register: _helm_registry_auth_logout
+
+    - name: Assert logout
+      # Helm binary prints the message to stderr
+      assert:
+        that: "'Removing login credentials' in _helm_registry_auth_logout.stderr"
+
+    - name: Test logout idempotency
+      helm_registry_auth:
+        host: localhost:{{ registry_port }}
+        state: absent
+      register: _helm_registry_auth_logout_idempotency
+
+    - name: Assert logout operation did not report change
+      ansible.builtin.assert:
+        that: _helm_registry_auth_logout_idempotency is not changed
+
+    - name: Ensure that not able to push to the registry
+      ansible.builtin.shell: >-
+        helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"  oci://localhost:{{ registry_port }}/test/
+      register: _save_chart
+      failed_when: _save_chart.rc == 0
+
+    - name: Read content of ~/.config/helm/registry/config.json
+      ansible.builtin.slurp:
+        src: ~/.config/helm/registry/config.json
+      register: _config_json
+
+    - name: Assert that auth data is remove and the chart is not saved
+      # Helm binary prints the message to stderr
+      ansible.builtin.assert:
+        that:
+          - "'push access denied' in _save_chart.stderr"
+          - "'authorization failed' in _save_chart.stderr"
+          - "_save_chart.rc != 0"
+          - "'localhost:{{ registry_port }}' not in _config_json.content | b64decode"
+
+    - name: Test module helm_registry_auth with wrong credentials
+      helm_registry_auth:
+        username: "{{ username }}"
+        password: "{{ wrong_password }}"
+        host: localhost:{{ registry_port }}
+        state: present
+      register: _helm_registry_auth_wrong
+      ignore_errors: true
+
+    - name: Read content of ~/.config/helm/registry/config.json
+      ansible.builtin.slurp:
+        src: ~/.config/helm/registry/config.json
+      register: _config_json
+
+    - name: Assert that the registry is not logged in and auth data is not saved
+      ansible.builtin.assert:
+        that:
+          - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr"
+          - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command"
+          - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout"
+          - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr"
+          - "'localhost:{{ registry_port }}' not in _config_json.content | b64decode"
+
+  # Clean up
+  always:
+    - name: Stop and remove the registry
+      ansible.builtin.command: docker stop {{ registry_name }}
+      ignore_errors: true
+
+    - name: Remove the tmpfile
+      ansible.builtin.file:
+        state: absent
+        path: "{{ item }}"
+        force: true
+      loop:
+        - "{{ _tmpfile.path }}"
+        - "{{ _destination.path }}"
+      ignore_errors: true

tests/integration/targets/helm_set_values/tasks/main.yml

@@ -1,8 +1,7 @@
 - name: Install helm using set_values parameters
   helm:
     binary_path: "{{ helm_binary }}"
-    chart_ref: mariadb
-    chart_repo_url: https://charts.bitnami.com/bitnami
+    chart_ref: oci://registry-1.docker.io/bitnamicharts/mariadb
     release_name: test-mariadb
     release_namespace: "{{ helm_namespace }}"
     create_namespace: true
@@ -36,8 +35,7 @@
 - name: Install helm using set_values parameters
   helm:
     binary_path: "{{ helm_binary }}"
-    chart_ref: apache
-    chart_repo_url: https://charts.bitnami.com/bitnami
+    chart_ref: oci://registry-1.docker.io/bitnamicharts/apache
     release_name: test-apache
     release_namespace: "{{ helm_namespace }}"
     create_namespace: true
@@ -79,8 +77,7 @@
   - name: Install helm using set_values parameters
     helm:
       binary_path: "{{ helm_binary }}"
-      chart_ref: minio
-      chart_repo_url: https://charts.bitnami.com/bitnami
+      chart_ref: oci://registry-1.docker.io/bitnamicharts/minio
       release_name: test-minio
       release_namespace: "{{ helm_namespace }}"
       create_namespace: true
@@ -107,3 +104,11 @@
     file:
       state: absent
       path: "{{ ymlfile.path }}"
+    ignore_errors: true
+
+  - name: Delete namespace
+    k8s:
+      state: absent
+      kind: namespace
+      name: "{{ helm_namespace }}"
+    ignore_errors: true

tests/integration/targets/install_helm/defaults/main.yml

@@ -1,4 +1,4 @@
 ---
-helm_version: v3.7.0
+helm_version: v3.8.0
 helm_install_path: /tmp/helm
 helm_default_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}-amd64.tar.gz"

tests/integration/targets/k8s_waiter/defaults/main.yml

@@ -5,6 +5,7 @@ k8s_pod_metadata:
 
 k8s_pod_spec:
   serviceAccount: "{{ k8s_pod_service_account }}"
+  nodeSelector: "{{ k8s_pod_node_selector }}"
   containers:
     - image: "{{ k8s_pod_image }}"
       imagePullPolicy: Always
@@ -33,6 +34,8 @@ k8s_pod_ports: []
 
 k8s_pod_env: []
 
+k8s_pod_node_selector: {}
+
 k8s_pod_template:
   metadata: "{{ k8s_pod_metadata }}"
   spec: "{{ k8s_pod_spec }}"

tests/integration/targets/k8s_waiter/tasks/main.yml

@@ -127,6 +127,48 @@
           - ds.result.status.currentNumberScheduled == ds.result.status.desiredNumberScheduled
           - updated_ds_pods.resources[0].spec.containers[0].image.endswith(":3")
 
+    - name: Create daemonset with nodeSelector and not existing label
+      k8s:
+        definition:
+          apiVersion: apps/v1
+          kind: DaemonSet
+          metadata:
+            name: wait-daemonset-not-existing-label
+            namespace: "{{ wait_namespace }}"
+          spec:
+            selector:
+              matchLabels:
+                app: "{{ k8s_pod_name }}"
+            template: "{{ k8s_pod_template }}"
+        wait: yes
+        wait_sleep: 5
+        wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
+      vars:
+        k8s_pod_name: wait-daemonset-not-existing-label
+        k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
+        k8s_pod_command:
+          - sleep
+          - "600"
+        k8s_pod_node_selector:
+          nonExisitingLabel: test-not-exiting-label
+      register: ds_not_existing_label
+
+    - name: Get updated pods
+      k8s_info:
+        api_version: v1
+        kind: Pod
+        namespace: "{{ wait_namespace }}"
+        label_selectors:
+          - app=wait-daemonset-not-existing-label
+      register: updated_ds_pods_not_existing_label
+
+    - name: Check that daemonset wait worked (when desired number is 0)
+      assert:
+        that:
+          - ds_not_existing_label.result.status.currentNumberScheduled == ds_not_existing_label.result.status.desiredNumberScheduled
+          - ds_not_existing_label.result.status.desiredNumberScheduled == 0
+          - updated_ds_pods_not_existing_label.resources | length == 0
+
     - name: Add a statefulset
       k8s:
         definition:

tests/integration/targets/push_to_helm_registry/aliases

@@ -0,0 +1 @@
+disabled

tests/integration/targets/push_to_helm_registry/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+helm_binary_path: "helm"
+chart_repo_url: 'localhost:6035'
+chart_repo_username: testuser
+chart_repo_password: 'pass123!'

tests/integration/targets/push_to_helm_registry/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: Ensure we can log into the helm registry
+  command: >-
+    {{ helm_binary_path }} registry login
+    -u {{ chart_repo_username }}
+    -p {{ chart_repo_password }}
+    {{ chart_repo_url }}
+
+- name: Package chart and push to helm registry
+  block:
+    - name: Create temporary directory to store chart
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: .chart
+      register: _tmpfile
+
+    - name: Package helm chart
+      command: '{{ helm_binary_path }} package {{ chart_local_path }} --destination {{ _tmpfile.path }}'
+
+    - name: Locate helm chart package
+      ansible.builtin.find:
+        paths: "{{ _tmpfile.path }}"
+        patterns: '*.tgz'
+      register: _files
+
+    - name: Helm push chart to the registry
+      command: '{{ helm_binary_path }} push {{ _files.files.0.path }} oci://{{ chart_repo_url }}/{{ chart_repo_path }}'
+
+  always:
+    - name: Logout from registry
+      command: '{{ helm_binary_path }} registry logout {{ chart_repo_url }}'
+      ignore_errors: true
+
+    - name: Delete temporary directory
+      ansible.builtin.file:
+        state: absent
+        path: '{{ _tmpfile.path }}'
+      ignore_errors: true

tests/integration/targets/setup_helm_registry/aliases

@@ -0,0 +1 @@
+disabled

tests/integration/targets/setup_helm_registry/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# user: testuser, password: pass123!
+registry_credentials: testuser:$2y$05$d8tw6L1hojRFW.FjHOAnIOihJWAvFb0/Pu/30hLbQNJIYzCmlyBCi
+registry_name: helm_registry
+registry_port: 6035

tests/integration/targets/setup_helm_registry/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Teardown registry
+  include_tasks: teardown_registry.yml

tests/integration/targets/setup_helm_registry/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Ensure we can talk to docker daemon
+  ansible.builtin.shell:
+    cmd: docker ps
+
+- name: Create temporary directory to store file in
+  tempfile:
+    state: directory
+    suffix: .helm_registry
+  register: _tmpfile
+  # notify:
+  #   - Teardown registry
+
+- name: Create authentication file
+  copy:
+    content: "{{ registry_credentials }}"
+    dest: "{{ _tmpfile.path }}/htpasswd"
+
+- name: Remove existing registry
+  ansible.builtin.include_tasks: remove_docker_container.yml
+
+- name: Create registry container
+  command: >-
+    docker run -d
+    -p {{ registry_port }}:5000
+    --restart=always
+    --name "{{ registry_name }}"
+    -v "{{ _tmpfile.path }}:/auth"
+    -e "REGISTRY_AUTH=htpasswd"
+    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
+    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
+    registry:2

tests/integration/targets/setup_helm_registry/tasks/remove_docker_container.yml

@@ -0,0 +1,15 @@
+---
+- name: Inspect docker container
+  command: docker container inspect {{ registry_name }} -f '{{ '{{' }} .State.Running {{ '}}' }}'
+  register: _inspect
+  ignore_errors: true
+
+- name: Remove container
+  when: _inspect.rc == 0
+  block:
+    - name: Stop running container
+      command: docker container stop {{ registry_name }}
+      when: _inspect.stdout == "true"
+
+    - name: Remove container
+      command: docker container rm {{ registry_name }}

tests/integration/targets/setup_helm_registry/tasks/teardown_registry.yml

@@ -0,0 +1,9 @@
+---
+- name: Remove Docker container
+  ansible.builtin.include_tasks: remove_docker_container.yml
+
+- name: Delete temporary directory
+  file:
+    state: absent
+    path: '{{ _tmpfile.path }}'
+  ignore_errors: true

tests/sanity/ignore-2.14.txt

@@ -25,3 +25,6 @@ plugins/modules/k8s_service.py validate-modules:return-syntax-error
 plugins/modules/k8s_taint.py validate-modules:return-syntax-error
 tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
 tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip
+

tests/sanity/ignore-2.15.txt

@@ -26,3 +26,5 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error
 plugins/modules/k8s_service.py validate-modules:return-syntax-error
 plugins/modules/k8s_taint.py validate-modules:return-syntax-error
 tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip

tests/sanity/ignore-2.16.txt

@@ -29,3 +29,5 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error
 plugins/modules/k8s_service.py validate-modules:return-syntax-error
 plugins/modules/k8s_taint.py validate-modules:return-syntax-error
 tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip

tests/sanity/ignore-2.17.txt

@@ -29,3 +29,5 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error
 plugins/modules/k8s_service.py validate-modules:return-syntax-error
 plugins/modules/k8s_taint.py validate-modules:return-syntax-error
 tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip

tests/sanity/ignore-2.18.txt

@@ -1,15 +1,12 @@
-plugins/module_utils/client/discovery.py import-3.9!skip
-plugins/module_utils/client/discovery.py import-3.10!skip
 plugins/module_utils/client/discovery.py import-3.11!skip
 plugins/module_utils/client/discovery.py import-3.12!skip
-plugins/module_utils/client/resource.py import-3.9!skip
-plugins/module_utils/client/resource.py import-3.10!skip
+plugins/module_utils/client/discovery.py import-3.13!skip
 plugins/module_utils/client/resource.py import-3.11!skip
 plugins/module_utils/client/resource.py import-3.12!skip
-plugins/module_utils/k8sdynamicclient.py import-3.9!skip
-plugins/module_utils/k8sdynamicclient.py import-3.10!skip
+plugins/module_utils/client/resource.py import-3.13!skip
 plugins/module_utils/k8sdynamicclient.py import-3.11!skip
 plugins/module_utils/k8sdynamicclient.py import-3.12!skip
+plugins/module_utils/k8sdynamicclient.py import-3.13!skip
 plugins/module_utils/version.py pylint!skip
 plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
 plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc
@@ -29,3 +26,5 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error
 plugins/modules/k8s_service.py validate-modules:return-syntax-error
 plugins/modules/k8s_taint.py validate-modules:return-syntax-error
 tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip

tests/sanity/ignore-2.19.txt

@@ -0,0 +1,30 @@
+plugins/module_utils/client/discovery.py import-3.11!skip
+plugins/module_utils/client/discovery.py import-3.12!skip
+plugins/module_utils/client/discovery.py import-3.13!skip
+plugins/module_utils/client/resource.py import-3.11!skip
+plugins/module_utils/client/resource.py import-3.12!skip
+plugins/module_utils/client/resource.py import-3.13!skip
+plugins/module_utils/k8sdynamicclient.py import-3.11!skip
+plugins/module_utils/k8sdynamicclient.py import-3.12!skip
+plugins/module_utils/k8sdynamicclient.py import-3.13!skip
+plugins/module_utils/version.py pylint!skip
+plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
+plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc
+plugins/modules/k8s_service.py validate-modules:parameter-type-not-in-doc
+tests/unit/module_utils/fixtures/definitions.yml yamllint!skip
+tests/unit/module_utils/fixtures/deployments.yml yamllint!skip
+tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
+tests/unit/module_utils/fixtures/pods.yml yamllint!skip
+tests/integration/targets/helm/files/appversionless-chart-v2/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm/files/appversionless-chart/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm/files/test-chart-v2/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm/files/test-chart/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart/templates/configmap.yaml yamllint!skip
+tests/integration/targets/k8s_scale/files/deployment.yaml yamllint!skip
+plugins/modules/k8s.py validate-modules:return-syntax-error
+plugins/modules/k8s_scale.py validate-modules:return-syntax-error
+plugins/modules/k8s_service.py validate-modules:return-syntax-error
+plugins/modules/k8s_taint.py validate-modules:return-syntax-error
+tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
+tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
+tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip

tests/unit/module_utils/test_helm.py

@@ -200,6 +200,10 @@ def test_module_get_values(_ansible_helm_module, no_values, get_all):
             'version.BuildInfo{Version:"v3.10.3", GitCommit:7870ab3ed4135f136eec, GoVersion:"go1.18.9"}',
             "3.10.3",
         ),
+        (
+            'version.BuildInfo{Version:"v3.15.0-rc.1", GitCommit:"d7afa3b6b432c09a02cd07342e908ba5bed34940", GitTreeState:"clean", GoVersion:"go1.22.4"}',
+            "3.15.0-rc.1",
+        ),
         ('Client: &version.Version{SemVer:"v3.12.3", ', "3.12.3"),
         ('Client: &version.Version{SemVer:"v3.12.3"', None),
     ],
@@ -238,7 +242,7 @@ def test_module_run_helm_command(_ansible_helm_module):
     assert (rc, out, err) == (0, output, error)
 
     _ansible_helm_module.run_command.assert_called_once_with(
-        command, environ_update=env_update
+        command, environ_update=env_update, data=None
     )
 
 

tests/unit/modules/test_helm_template_module.py

@@ -51,7 +51,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
             with self.assertRaises(AnsibleExitJson) as result:
                 helm_template.main()
         mock_run_command.assert_called_once_with(
-            "/usr/bin/helm template /tmp/path", environ_update={}
+            "/usr/bin/helm template /tmp/path", environ_update={}, data=None
         )
         assert result.exception.args[0]["command"] == "/usr/bin/helm template /tmp/path"
 
@@ -74,6 +74,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm template test --repo=https://charts.com/test",
             environ_update={},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -95,6 +96,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm template https://charts/example.tgz --dependency-update",
             environ_update={},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]

tests/unit/modules/test_module_helm.py

@@ -88,6 +88,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -118,6 +119,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -147,6 +149,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
                 call(
                     "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'",
                     environ_update={"HELM_NAMESPACE": "test"},
+                    data=None,
                 )
             ]
         )
@@ -181,6 +184,7 @@ class TestDependencyUpdateWithoutChartRepoUrlOption(unittest.TestCase):
                 call(
                     "/usr/bin/helm upgrade -i --reset-values test '/tmp/path'",
                     environ_update={"HELM_NAMESPACE": "test"},
+                    data=None,
                 )
             ]
         )
@@ -251,6 +255,7 @@ class TestDependencyUpdateWithChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm --repo=http://repo.example/charts upgrade -i --reset-values test 'chart1'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -280,6 +285,7 @@ class TestDependencyUpdateWithChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm --repo=http://repo.example/charts upgrade -i --reset-values test 'chart1'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -338,6 +344,7 @@ class TestDependencyUpdateWithChartRepoUrlOption(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm --repo=http://repo.example/charts install --dependency-update --replace test 'chart1'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -405,6 +412,7 @@ class TestDependencyUpdateWithChartRefIsUrl(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm upgrade -i --reset-values test 'http://repo.example/charts/application.tgz'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -433,6 +441,7 @@ class TestDependencyUpdateWithChartRefIsUrl(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm upgrade -i --reset-values test 'http://repo.example/charts/application.tgz'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]
@@ -489,6 +498,7 @@ class TestDependencyUpdateWithChartRefIsUrl(unittest.TestCase):
         mock_run_command.assert_called_once_with(
             "/usr/bin/helm install --dependency-update --replace test 'http://repo.example/charts/application.tgz'",
             environ_update={"HELM_NAMESPACE": "test"},
+            data=None,
         )
         assert (
             result.exception.args[0]["command"]