internet/kubernetes.core
3
0
Fork 0
mirror of https://github.com/ansible-collections/kubernetes.core.git synced 2026-05-12 20:42:08 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: internet:5.2.0
Branches Tags
internet:main internet:stable-5 internet:stable-6 internet:stable-3 internet:stable-4 internet:stable-2.4 internet:stable-2.3 internet:stable-2.2 internet:stable-2.1 internet:stable-1.2
internet:6.4.0 internet:6.3.0 internet:5.4.2 internet:6.2.0 internet:5.4.1 internet:6.1.0 internet:5.4.0 internet:6.0.0 internet:5.3.0 internet:5.2.0 internet:3.3.1 internet:5.1.0 internet:3.3.0 internet:3.2.0 internet:5.0.0 internet:4.0.0 internet:3.1.0 internet:3.0.1 internet:2.4.2 internet:2.4.1 internet:3.0.0 internet:2.4.0 internet:2.3.2 internet:2.3.1 internet:2.3.0 internet:2.2.3 internet:2.2.2 internet:2.2.1 internet:2.2.0 internet:2.1.1 internet:2.1.0 internet:2.0.2 internet:2.0.1 internet:2.0.0 internet:1.2.1
...
compare: internet:stable-5
Branches Tags
internet:stable-5 internet:stable-6 internet:main internet:stable-3 internet:stable-4 internet:stable-2.4 internet:stable-2.3 internet:stable-2.2 internet:stable-2.1 internet:stable-1.2
internet:6.4.0 internet:6.3.0 internet:5.4.2 internet:6.2.0 internet:5.4.1 internet:6.1.0 internet:5.4.0 internet:6.0.0 internet:5.3.0 internet:5.2.0 internet:3.3.1 internet:5.1.0 internet:3.3.0 internet:3.2.0 internet:5.0.0 internet:4.0.0 internet:3.1.0 internet:3.0.1 internet:2.4.2 internet:2.4.1 internet:3.0.0 internet:2.4.0 internet:2.3.2 internet:2.3.1 internet:2.3.0 internet:2.2.3 internet:2.2.2 internet:2.2.1 internet:2.2.0 internet:2.1.1 internet:2.1.0 internet:2.0.2 internet:2.0.1 internet:2.0.0 internet:1.2.1

44 Commits
5.2.0 ... stable-5

Author SHA1 Message Date
patchback[bot]
a2aa079829 docs: add until example to k8s_info (#885) (#1118) 
I would liked to have an example like this when I was using the
documentation.

(cherry picked from commit 4d7dc2a7d1)

Co-authored-by: Birger Johan Nordølum <33870508+MindTooth@users.noreply.github.com>
 2026-05-06 10:16:35 -04:00
patchback[bot]
ca050aa3f6 Update URL reference in integration-test CI file (#1112) (#1113) 
(cherry picked from commit 210467b26d)

Co-authored-by: Bianca Henderson <bianca@redhat.com>
 2026-04-22 14:15:08 -04:00
patchback[bot]
84249fc4f1 ci: conditionally test turbo mode and cloud.common (#1109) (#1110) 
The cloud.common collection is incompatible with ansible-core >= 2.19.0.
With the current testing matrix using Python 3.12 and the ansible
milestone (currently 2.22), this incompatibility causes integration
tests to fail.

Instead of completely removing turbo mode from the testing matrix, this
commit adds ansible-core 2.18 to the matrix and excludes the combination
of the ansible milestone and turbo mode. The checkout and installation
of the cloud.common collection are now conditionally executed only when
turbo mode is enabled.

(cherry picked from commit 11f619b69e)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2026-04-21 14:51:49 -04:00
patchback[bot]
229575fe8f Add sanity test ignores for ansible-core 2.22 (#1102) (#1105) 
The `devel` and `milestone` branches for ansible-core have been bumped to
`2.22.0.dev0` as the `stable-2.21` branch was created. Testing against `devel`
and `milestone` now uses 2.22, which requires creation of the
`tests/sanity/ignore-2.22.txt` file in all maintained collection branches.

# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
#
# On branch ignore-2.22
# Changes to be committed:
#	new file:   tests/sanity/ignore-2.22.txt
#

(cherry picked from commit 58f8f2e6e9)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2026-04-20 18:34:47 -04:00
Bianca Henderson
386f601ae0 Prep 5.4.2 release (#1083) 
SUMMARY

Prep kubernetes.core 5.4.2 release

COMPONENT NAME

Multiple

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Bikouo Aubin
Reviewed-by: Alina Buzachis
Reviewed-by: Mike Graves <mgraves@redhat.com>
 2026-02-03 16:14:10 +00:00
Bianca Henderson
3f2841be95 Remove references to non-existent test files from helm integration test target (#1085) 
SUMMARY

While preparing the 5.4.2 release, an integration test failure indicated that there are references to non-existent test files in the helm integration test target in the stable-5 branch. This is because the changes from #955 were merged into main and stable-6 but not into stable-5 (which is correct, since it's a minor change) but there are references to those helm test targets in #1039, which got backported to both branches as a bugfix.

Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Mike Graves <mgraves@redhat.com>
 2026-01-30 19:29:16 +00:00
patchback[bot]
91f6827e23 Add idempotency to helm_pull module (#1055) (#1081) 
This is a backport of PR #1055 as merged into main (34beacf).
SUMMARY
This PR implements idempotency for the helm_pull module, addressing issue #889.

New force parameter with defaults to False.
implemented chart_exists() function
checks chart existence before downloading, returns changed=False when chart exists

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
helm_pull
ADDITIONAL INFORMATION
Force parameter added for backward compatibility and edge cases.
Implemented with the partial support of GitHub Copilot with Claude Sonnet 4.5 model

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2026-01-29 18:34:38 +00:00
patchback[bot]
4136d6f606 Fix incorrect assertion in helm_pull integration test (#1077) (#1078) 
This is a backport of PR #1077 as merged into main (23b6cec).
SUMMARY

The error message emitted for incorrect helm version has changed since the merge of #1039. This PR updates the related assertion in the helm_pull integration test

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2026-01-29 17:45:43 +00:00
Bianca Henderson
12847a1555 Replace passing `warnings to exit_json with AnsibleModule.warn` for the few modules (#1033) (#1074) 
This is a backport of PR #1033 as merged into main (3e32c12).
SUMMARY
Using exit_json or fail_json for warnings is deprecated in ansible-core>=2.19.0 and will be removed in ansible-core>=2.23.0
Tested with ansible-core 2.19.3 as the latest released version at the time of the start of this PR and with 2.16.0 as the lowest version supported by kubernetes.core 6.x
Resolves: #1031
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
k8s_drain
k8s_rollback
k8s_scale
ADDITIONAL INFORMATION
The initial version of this PR covers only the module k8s_drain, with the following commits extended to k8s_rollback
k8s_scale

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
 2026-01-26 22:43:02 +00:00
GomathiselviS
8ddb19aade Fix cherry-pick spillover 
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
 2026-01-26 11:22:13 -08:00
Yuriy Novostavskiy
0f6b4c873a Limit compatibility to Helm =>v3.0.0,<4.0.0 (#1039) 
SUMMARY
Helm v4 is a major version with backward-incompatible changes, including to the flags and output of the Helm CLI and to the SDK. This version is currently not supported in the kubernetes.core. This PR is related to #1038 and is a short-term solution to mark compatibility explicitly
ISSUE TYPE

Bugfix Pull Request
Docs Pull Request

COMPONENT NAME

helm
helm_template
helm_info
helm_repository
helm_pull
helm_registry_auth
helm_plugin
helm_plugin_info

ADDITIONAL INFORMATION
Added `validate_helm_version()`` method to AnsibleHelmModule that enforces version constraint >=3.0.0,<4.0.0.
Fails fast with clear error message: "Helm version must be >=3.0.0,<4.0.0, current version is {version}"
Some modules (i.e. helm_registry_auth) technically is compatible with Helm v4, but validation was added to all helm modules.
Partially coauthored by GitHub Copilot with Claude Sonnet 4 model.
Addresses issue #1038

Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
(cherry picked from commit 13791ec7bf)

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
 2026-01-26 11:03:26 -08:00
patchback[bot]
acc168e61f Fix K8S_AUTH_VERIFY_SSL environment value handling in kubectl connection plugin (#1049) (#1068) 
This is a backport of PR #1049 as merged into main (12abc9b).
SUMMARY
Fixed a bug where setting K8S_AUTH_VERIFY_SSL=true (or any string value) caused the value to be treated as a separate kubectl command argument instead of being properly converted to a boolean.
The option key name is validate_certs, which does NOT end with "verify_ssl", so the original condition key.endswith("verify_ssl") at line 327 failed. This caused the code to fall through to the else block which added the value as separate
arguments: ["--insecure-skip-tls-verify", "true"], making "true" appear as a kubectl command.
Fixes #1021
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
kubernetes.core.kubectl
ADDITIONAL INFORMATION
Changes Made

Changed condition from key.endswith("verify_ssl") to key == "validate_certs"
Added import of boolean function from ansible.module_utils.parsing.convert_bool
Added proper boolean conversion using boolean(self.get_option(key), strict=False)

Partially used LLM (GitHub Copilot with Claude Sonnet 4).
Before Fix
K8S_AUTH_VERIFY_SSL=true
Command: ['/usr/bin/kubectl', '--insecure-skip-tls-verify', 'true', 'exec', ...]

                                                            ^^^^^ treated as kubectl command (BUG!)

After Fix
K8S_AUTH_VERIFY_SSL=true
Command: ['/usr/bin/kubectl', '--insecure-skip-tls-verify=false', 'exec', ...]
                                                           ^^^^^ properly converted (FIXED!)

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2026-01-23 20:24:33 +00:00
patchback[bot]
49f54edad2 chore(CI): prevent patchback bot from labeling new PRs (#1062) (#1066) 
This is a backport of PR #1062 as merged into main (987c029).
SUMMARY
Currently, the patchback bot creates PRs with cherry-picks of PRs that are labeled with stable-* label, and this PR (as any new PR) gets labeled as needs_triage. This is unnecessary as it intentional PR created by the CI job.
This pull request introduces a small update to ensure that the workflow only runs if the pull request is not created by the patchback[bot] user to avoid unnecessary labels.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
.github/workflows/label-new-prs.yaml
ADDITIONAL INFORMATION
No changelog is required 

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2026-01-22 20:51:52 +00:00
patchback[bot]
c6519926a6 chore(doc): update typos (#1059) (#1067) 
This is a backport of PR #1059 as merged into main (6c00f7c).
SUMMARY
This trivial documentation-only pull request correcting a few errors in README.md.

Documentation corrections:

Fixed a broken Markdown link for the GitHub repository in the support request section.
Corrected the reference from LICENCE to LICENSE to match the actual file name.



ISSUE TYPE

Docs Pull Request

COMPONENT NAME
README.md
ADDITIONAL INFORMATION
Trivial documentation-only change, no changelog is required.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2026-01-22 20:51:27 +00:00
patchback[bot]
0ff5c952b8 address sanity issues (#1056) (#1065) 
This is a backport of PR #1056 as merged into main (bd1cacc).
SUMMARY


helm/helm_info - Deprecate some parameters and add new ones to resolve sanity issues.
k8s - the return block doc is not aligned with what the module returns


ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

helm, helm_info, k8s
Fixes: #1046

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2026-01-22 13:25:20 +00:00
patchback[bot]
477a9b0b9e Add new workflow to label prs with needs_triage (#1045) (#1047) 
This is a backport of PR #1045 as merged into main (9cfa903).
SUMMARY
This pr adds a new workflow for labeling new and reopened prs that are not marked as draft. The needs_triage label will be removed if the pr is marked as draft during development and re-added once the pr is marked as ready for review.
After consulting with the team, we decided to label prs in a new workflow to allow for the prs and issues to have different labels in the future.
ACA-2362
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
github workflow
Reported CI Issues
Sanity tests: #1046

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-12-18 14:27:25 +00:00
patchback[bot]
eac3c0a88b Add 2.21 ignore file for sanity tests (#1032) (#1035) 
This is a backport of PR #1032 as merged into main (1c16a2d).
SUMMARY

Resolves #1027

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-10-23 20:08:41 +00:00
patchback[bot]
e00d4fc9d7 Extend k8s action group (#992) (#1025) 
This is a backport of PR #992 as merged into main (798f549).
SUMMARY


Add all k8s_* modules to the action group in order to esaily set kubeconfig parameter
ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

meta
ADDITIONAL INFORMATION

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-10-14 20:46:30 +00:00
patchback[bot]
623b8b2716 Selectively redact sensitive kubeconfig data from logs (#1014) (#1023) 
This is a backport of PR #1014 as merged into main (4fa3648).
SUMMARY

Resolves #782

ISSUE TYPE


Bugfix Pull Request

ADDITIONAL INFORMATION


The proper redaction of kubeconfig data can be seen by running this example playbook with verbosity of -vvv against the code in this PR.
Prior to these changes, all info was redacted (as shown in the example below):
ok: [local] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "binary_path": null,
            "ca_cert": null,
            "context": null,
            "get_all_values": false,
            "host": null,
            "kubeconfig": {
                "apiVersion": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "clusters": [
                    {
                        "cluster": {
                            "insecure-skip-tls-verify": true,
                            "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
                    {
                        "cluster": {
                            "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
                    {
                        "cluster": {
                            "certificate-authority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "extensions": [
                                {
                                    "extension": {
                                        "last-update": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                                        "provider": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                                        "version": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                                    },
                                    "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                                }
                            ],
                            "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    }
                ],
                "contexts": [
                    {
                        "context": {
                            "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
                    {
                        "context": {
                            "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                    },
[output shortened]

With the changes in this PR, only sensitive data is redacted:
ok: [local] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "binary_path": null,
            "ca_cert": null,
            "context": null,
            "get_all_values": false,
            "host": null,
            "kubeconfig": {
                "apiVersion": "v1",
                "clusters": [
                    {
                        "cluster": {
                            "insecure-skip-tls-verify": true,
                            "server": "<server address>"
                        },
                        "name": "exercise"
                    },
                    {
                        "cluster": {
                            "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "server": "<server address>"
                        },
                        "name": "kind-drain-test"
                    },
                    {
                        "cluster": {
                            "certificate-authority": "<path to .crt>",
                            "extensions": [
                                {
                                    "extension": {
                                        "last-update": "Tue, 07 Oct 2025 11:25:54 EDT",
                                        "provider": "minikube.sigs.k8s.io",
                                        "version": "v1.35.0"
                                    },
                                    "name": "cluster_info"
                                }
                            ],
                            "server": "<server address>"
                        },
                        "name": "minikube"
                    }
                ],
                "contexts": [
                    {
                        "context": {
                            "cluster": "exercise-pod",
                            "user": "bianca"
                        },
                        "name": "exercise"
                    },
                    {
                        "context": {
                            "cluster": "kind-drain-test",
                            "user": "kind-drain-test"
                        },
                        "name": "kind-drain-test"
                    },
[output shortened]

Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
 2025-10-14 19:16:18 +00:00
patchback[bot]
906c50f2c6 775 document proxy configurations (#1018) (#1019) 
This is a backport of PR #1018 as merged into main (ae624cf).
SUMMARY
Added documentation for no_proxy, proxy, and proxy_headers parameters that were missing from the k8s lookup plugin. These parameters are already implemented in the codebase but were not documented.
no_proxy: Comma separated list of hosts that shouldn't use proxy
proxy: HTTP proxy URL for connections
proxy_headers: Dictionary of proxy headers with suboptions for proxy_basic_auth, basic_auth, and user_agent
Fixes #775
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
k8s lookup
Additional comment
This is a reissue of #993, which was lost during the latest release due to me PR incorrectly from my fork's main branch. Linter errors on the previous PR should already be resolved.
This had the backport-5, backport-6 and skip-changelog labels.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-10-10 17:30:27 +00:00
Mandar Kulkarni
b16bb15d34 prepare release 5.4.1 (#1009) 
SUMMARY


ISSUE TYPE


Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request

COMPONENT NAME

ADDITIONAL INFORMATION

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>
 2025-10-07 13:07:26 +00:00
patchback[bot]
588f60adc8 update doc following #971 (#1006) (#1007) 
This is a backport of PR #1006 as merged into main (200d64f).
SUMMARY
In the PR #971, support for copying files to initContainers, and this change includes a minor update for DOCUMENTATION for the k8s_cp module; however, docs/kubernetes.core.k8s_cp_module.rst wasn't updated, and it's a trivial change following the Updating documentation section of the CONTRIBUTING.md
ISSUE TYPE

Docs Pull Request

COMPONENT NAME
docs/kubernetes.core.k8s_cp_module.rst
ADDITIONAL INFORMATION
As it is a trivial change and related to #971, I didn't created a chnagelog fragment and suggest adding skip-changelog label.
To be backported to stable-5 and stable-6

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-10-02 20:21:19 +00:00
patchback[bot]
deac7719c2 Add the PR head as reference to the checkout action of the splitter job. (#981) (#1004) 
This is a backport of PR #981 as merged into main (ec35c74).
SUMMARY
During the workflow checks of one of my previous pull requests, I ran into an error as result of a new integration test that was added in the main branch but which was not present in my pull request (https://github.com/ansible-collections/kubernetes.core/actions/runs/16787189478/job/47540604109). I'd find out that the reference for the repository checkout for the splitter job was not set and therefor it referenced to the main branch.
With this change, the head of the pull request is used as reference for the repository checkout action, in the splitter job. This way it will not fail when someone creates a PR that doesn't have newly added integration tests that were added to the main branch in the meantime. It also adds that newly added integration tests will be tested during the PR workflow checks already.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
bugfix in the workflow
ADDITIONAL INFORMATION
n/a

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-10-02 19:10:01 +00:00
patchback[bot]
cb4b792038 Added support for copying files to init Containers. (#971) (#1002) 
This is a backport of PR #971 as merged into main (027700c).
SUMMARY
Was going trough the list with issues and found 958; which seemed a quick fix.
What I fixed with with this PR:

Added support for copying files to init containers.
Fixed the format message when an exec is failing for a pod (the order was wrong).
Added a check if the container that you try to run copy for is started.

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
copy.py module
ADDITIONAL INFORMATION
Some testing.
Verify that the pod does not exist:
kubectl -n default get pod/yorick
Output:
Error from server (NotFound): pods "yorick" not found

Run the playbook to create the file, create the deployment, wait for the init container to be ready, copy the created file to the init container, cat the copied file (using kubernetes.core.k8s_exec) that is now in the init container and try to copy the created file to the (not started) container (which fails - to see the new error message for it):
cat << EOF | ansible-playbook /dev/stdin
- hosts: localhost
  gather_facts: False
  tasks:

  - ansible.builtin.copy:
      content: |
        Hi there
      dest: /tmp/yorick.txt

  - name: Deploy pod with initContainer with an unlimited while loop
    kubernetes.core.k8s:
      kubeconfig: "~/.kube/config"
      definition:
        apiVersion: v1
        kind: Pod
        metadata:
          name: "yorick"
          namespace: "default"
        spec:
          initContainers:
            - name: "yorick-init"
              image: busybox:latest
              command: ["/bin/sh"]
              args:
                - "-c"
                - |
                  echo "Init container started, waiting for file..."
                  # Wait for the file to be copied
                  while :;do
                    echo "Waiting for file"
                    sleep 5
                  done
                  echo "File received! Init container completing..."
          containers:
            - name: "yorick-container"
              image: busybox:latest
              command: ["/bin/sh"]
              args:
                - "-c"
                - |
                  # Keep container running for testing
                  sleep 300

  - kubernetes.core.k8s_info:
      kubeconfig: "~/.kube/config"
      api_version: v1
      kind: Pod
      name: "yorick"
      namespace: "default"
    register: pod_status
    until: >-
      pod_status.resources|length > 0
      and 'initContainerStatuses' in pod_status.resources.0.status
      and pod_status.resources.0.status.initContainerStatuses|length > 0
      and pod_status.resources.0.status.initContainerStatuses.0.started|bool

  - name: Copy /tmp/yorick.txt to the yorick-init init container
    kubernetes.core.k8s_cp:
      kubeconfig: "~/.kube/config"
      namespace: default
      pod: yorick
      remote_path: /tmp/yorick.txt
      local_path: /tmp/yorick.txt
      container: yorick-init

  - name: Execute a command
    kubernetes.core.k8s_exec:
      kubeconfig: "~/.kube/config"
      namespace: default
      pod: yorick
      container: yorick-init
      command: cat /tmp/yorick.txt
    register: exec_out

  - ansible.builtin.debug:
      var: exec_out.stdout

  - name: Try to copy /tmp/yorick.txt to the yorick-container container
    kubernetes.core.k8s_cp:
      kubeconfig: "~/.kube/config"
      namespace: default
      pod: yorick
      remote_path: /tmp/yorick.txt
      local_path: /tmp/yorick.txt
      container: yorick-container
EOF
Output:
PLAY [localhost] ********************************************************************************************************************************************************************

TASK [ansible.builtin.copy] *********************************************************************************************************************************************************
Thursday 31 July 2025  02:01:21 +0200 (0:00:00.016)       0:00:00.016 *********
ok: [localhost]

TASK [Deploy pod with initContainer with an unlimited while loop] *******************************************************************************************************************
Thursday 31 July 2025  02:01:21 +0200 (0:00:00.788)       0:00:00.804 *********
changed: [localhost]

TASK [kubernetes.core.k8s_info] *****************************************************************************************************************************************************
Thursday 31 July 2025  02:01:25 +0200 (0:00:03.963)       0:00:04.768 *********
FAILED - RETRYING: [localhost]: kubernetes.core.k8s_info (3 retries left).
ok: [localhost]

TASK [Copy /tmp/yorick.txt to the yorick-init init container] ***********************************************************************************************************************
Thursday 31 July 2025  02:01:32 +0200 (0:00:06.598)       0:00:11.366 *********
changed: [localhost]

TASK [Execute a command] ************************************************************************************************************************************************************
Thursday 31 July 2025  02:01:39 +0200 (0:00:07.017)       0:00:18.383 *********
changed: [localhost]

TASK [ansible.builtin.debug] ********************************************************************************************************************************************************
Thursday 31 July 2025  02:01:40 +0200 (0:00:00.644)       0:00:19.028 *********
ok: [localhost] => {
    "exec_out.stdout": "Hi there\n"
}

TASK [Try to copy /tmp/yorick.txt to the yorick-container container] ****************************************************************************************************************
Thursday 31 July 2025  02:01:40 +0200 (0:00:00.021)       0:00:19.050 *********
fatal: [localhost]: FAILED! => {
    "changed": false
}

MSG:

Pod container yorick-container is not started

PLAY RECAP **************************************************************************************************************************************************************************
localhost                  : ok=6    changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Playbook run took 0 days, 0 hours, 0 minutes, 21 seconds

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-09-25 15:10:52 +00:00
patchback[bot]
6215ac763b fix(k8s,service): Hide fields first before creating diffs (#915) (#962) 
This is a backport of PR #915 as merged into main (6a0635a).
SUMMARY

By hiding fields first before creating a diff hidden fields will not be shown in the resulting diffs and therefore will also not trigger the changed condition.
The issue can only be reproduced when a mutating webhook changes the object while the kubernetes.core.k8s module is working with it.

kubevirt/kubevirt.core#145
ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

kubernetes.core.module_utils.k8s.service
ADDITIONAL INFORMATION


Run kubernetes.core.k8s and create object with hidden fields. After run kubernetes.core.k8s again and let a webhook mutate the object that the module is working with. The module should return with changed: no.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-09-24 20:36:59 +00:00
Bianca Henderson
d5599f1964 Minor updates to changelog to match stable-6 and main (#991) 
This will make all stable-5 changelog content match main and stable-6 so there will no longer be formatting issues when doing release work in the future (basically a manual backport of #989).

Reviewed-by: Alina Buzachis
 2025-09-22 19:58:15 +00:00
patchback[bot]
90134ec3e0 [CI Fix] Remove ansible.module_utils.six imports (#998) (#999) 
This is a backport of PR #998 as merged into main (448d3fe).
SUMMARY
This PR is essentially attempting Option B from issue #996 (Option A is implemented here); this code update accounts for the recent merge of sanity: warn on ansible.module_utils.six imports #85651.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mandar Kulkarni <mandar242@gmail.com>
 2025-09-22 16:54:06 +00:00
Bianca Henderson
dcbe52e722 Prep kubernetes.core 5.4.0 release (#970) 
SUMMARY

Prep kubernetes.core 5.4.0 release

COMPONENT NAME
Multiple

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
 2025-08-12 16:56:58 +00:00
patchback[bot]
1e711d4da8 CI fix for 976 (#982) (#984) 
This is a backport of PR #982 as merged into main (a861079).
SUMMARY
Exclude plugins/connection/kubectl.py from ansible-lint, as this file contains only examples that is simplificated and may not be accordingally to linter rules.
resolves #976
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
CI
ADDITIONAL INFORMATION

Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-08-12 15:41:03 +00:00
Bianca Henderson
4b2dc4f974 Reapply "Remove kubeconfig value from module invocation log (#826)" (#899) (#965) (#980) 
This reverts commit eb0aeeb from stable-5 (i.e., reapplies the changes from #965); this is a temporary fix for #782 as it will re-introduce #870.

Reviewed-by: Alina Buzachis
Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>
 2025-08-11 16:48:07 +00:00
patchback[bot]
eb0aeeb318 Revert "Remove kubeconfig value from module invocation log (#826)" (#899) (#965) 
This is a backport of PR #899 as merged into main (1705ced).
This reverts commit 6efabd3.
SUMMARY

Fixes #870
A better solution is necessary to address #782. The current code makes getting manifests practically unusable. We need to revert this commit until a better solution is found.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

kubeconfig

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-22 21:28:48 +00:00
patchback[bot]
f3d3696093 Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency. (#946) (#961) 
This is a backport of PR #946 as merged into main (642eb93).
SUMMARY
Fix the integration test for helm_registry_auth with helm >= 3.18.0 and clarify idempotency.
Fixes #944
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
helm_registry_auth
ADDITIONAL INFORMATION
Caused by the changes in helm starting from 3.18.0

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-15 16:01:23 +00:00
patchback[bot]
e3da2f28fd Fix integration test with ansibe-core 2.20 (#951) (#959) 
This is a backport of PR #951 as merged into main (f568c9d).
SUMMARY
Now that ansible-core 2.19.0rc1 has been released, ansible-core’s devel branch has been bumped from 2.19.0.dev0 to 2.20.0.dev0. This potentially requires collection CIs to be updated which rely on devel using tests/sanity/ignore-2.19.txt, for example. Also it’s now time to add stable-2.19 to CI if you relied on devel to cover 2.19 so far. Note that milestone has also been updated to 2.20.0dev0.
During testing, I noticed that the failed test tasks/test_helm_not_installed.yml due to the new error message with ansible 2.20, please find here and following comments.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
test/CI (tasks/test_helm_not_installed.yml)
ADDITIONAL INFORMATION
to be cherry-picked to the stable-6 and stable-5

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-15 15:34:36 +00:00
Yuriy Novostavskiy
bb599542e8 add sanity/ignore for 2.20 and remove 2.16 and 2.14 (#954) 
SUMMARY
Now that ansible-core 2.19.0rc1 has been released, ansible-core’s devel branch has been bumped from 2.19.0.dev0 to 2.20.0.dev0. This  requires collection CI to be updated with using tests/sanity/ignore-2.20.txt. In the same time, ignore-2.14.txt ignore-2.15.txt is not required anymore as they are excluded from the matrix.
This PR is precific to stable-5 (and probably to be cherry-picked to stable-3) and is not required to main and stable-6 and such changes is already here.
ISSUE TYPE

CI Pull Request

COMPONENT NAME
CI
ADDITIONAL INFORMATION
It's required to have passed CI for #952

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Alina Buzachis
 2025-07-15 13:53:17 +00:00
patchback[bot]
6560fb1c53 Fix unit tests (#939) (#940) 
This is a backport of PR #939 as merged into main (34fd40d).
Some unit tests are broken with ansible-core 2.19, this PR aims to fix them.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-07-11 02:23:06 +00:00
patchback[bot]
20084d119e Push changes from 3.3.1 into main branch (#893) (#894) 
This is a backport of PR #893 as merged into main (0e7229c).
Release 3.3.1 is out; push changes to main branch

Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-05-16 18:31:00 +00:00
Bikouo Aubin
c47343d7b6 Prepare release 5.3.0 (#929) 
Release 5.3.0

Update galaxy.yml and README.md
Update release files using antsibull-changelog

Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Yuriy Novostavskiy
 2025-05-16 08:16:23 +00:00
Bianca Henderson
c213b51741 Add info to the README about stable-4 branch no longer being maintained (#931) 
SUMMARY

Resolves ACA-2383 and #918.
Adjusting the changes made in #926 per #930.

ISSUE TYPE


Docs Pull Request

COMPONENT NAME

README.md
ADDITIONAL INFORMATION
Also made some minor capitalization edits.

Reviewed-by: Bikouo Aubin
 2025-05-15 15:11:28 +00:00
patchback[bot]
60b53b9dc9 Add helm insecure skip tls verify (#901) (#925) 
This is a backport of PR #901 as merged into main (914a16e).
SUMMARY
Added the option insecure_skip_tls_verify  to the following helm modules:

helm_repository
helm
Unified the option with alias in helm_pull

For helm, added the option to the helm diff call, as it got fixed upstream.
Upstream Issue: databus23/helm-diff#503
Fixed with: helm/helm#12856
Fixes #694
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

kubernetes.core.helm
kubernetes.core.helm_repository
kubernetes.core.helm_pull

ADDITIONAL INFORMATION
Basically the option was added in the parameters set in the ansible job, in the docs and then injected in the helm and helm diff binary calls if set. Defaults to False.
Example
---
- name: Test helm modules
  tasks:
    - name: Test helm repository insecure
      kubernetes.core.helm_repository:
        name: insecure
        repo_url: "<helm-repo-with-self-signed-tls>"
        state: present
        insecure_skip_tls_verify: true
    - name: Test helm pull insecure
      kubernetes.core.helm_pull:
        chart_ref: "oci://<helm-repo-with-self-signed-tls>/ptroject"
        destination: /tmp
        insecure_skip_tls_verify: true
    - name: Test helm insecure
      kubernetes.core.helm:
        name: insecure
        chart_ref: "oci://<helm-repo-with-self-signed-tls>/project"
        namespace: helm-insecure-test
        state: present
        insecure_skip_tls_verify: true
Note
Might need an alias for telm_template, as the option is called insecure_registry, in the manual and docs of helm it would be --insecure-skip-tls-verify as well though.
Not included, as it was recently merged with #805

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
Reviewed-by: Mike Graves <mgraves@redhat.com>
 2025-05-06 23:32:56 +00:00
patchback[bot]
d531368d64 Update ansible-lint version to 25.1.2 (#919) (#921) 
This is a backport of PR #919 as merged into main (b594d35).
Update ansible-lint version to 25.1.2

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-04-29 18:03:42 +00:00
patchback[bot]
c3bf5cc47f add reset_then_reuse_values support to helm module (#802) (#917) 
This is a backport of PR #802 as merged into main (00699ac).
SUMMARY
Starting with version 3.14.0, Helm supports --reset-then-reuse-values. As discussed on the original PR. This greatly improves on --reuse-values as it allows to avoid templates errors when new features are added to an upgraded chart.
Closes #803
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
helm
ADDITIONAL INFORMATION
This PR is greatly 'inspired' by #575 and because I wasn't sure how I could provide additional tests for it, I actually copied those build previously for --reuse-values (as it is an improvement on this feature.

Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-04-29 17:54:15 +00:00
patchback[bot]
349534b85b Rebase PR #898 (#905) (#913) 
This is a backport of PR #905 as merged into main (d329e7e).
This PR is a rebase of #898 for CI to pass
Thanks @efussi for your collaboration.
Closes #892

Reviewed-by: Bikouo Aubin
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
 2025-04-25 15:59:21 +00:00
patchback[bot]
92e3f98a20 Bugfix: fix unit-source for pre-release of ansible-core 2.20 (devel and milestone branch) (#903) (#909) 
SUMMARY
CI fix for #904
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
tests/unit
ADDITIONAL INFORMATION

Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
(cherry picked from commit d4fc22c74e)

Co-authored-by: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
 2025-04-25 11:01:13 -04:00
patchback[bot]
d2dcb9e55f Run integration tests using ansible-core 2.19 (#888) (#895) 
* fix integration test ``k8s_full`` running with ansible-core 2.19

* Fix templating issues

* fix test on current ansible version

* fix tests cases

* Fix additional tests

* fix the templating mechanism

* consider using variable_[start/end]_string while parsing template

* Remove support for omit into template option

* Remove unnecessary unit tests

(cherry picked from commit 2cb5d6c316)

Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
 2025-04-25 16:49:10 +02:00
103 changed files with 3116 additions and 906 deletions
Expand all files Collapse all files

1
.config/ansible-lint.yml → .ansible-lint
View File

@@ -3,6 +3,7 @@ profile: production
exclude_paths:
- .ansible/
- .github/
- tests/integration
- tests/unit
- tests/sanity

1
.ansible-lint-ignore
View File

@@ -3,3 +3,4 @@
plugins/connection/kubectl.py no-changed-when
# false positive result
plugins/connection/kubectl.py var-naming[no-reserved]
plugins/connection/kubectl.py jinja[invalid]

30
.github/workflows/integration-tests.yaml vendored
View File

@@ -26,6 +26,7 @@ jobs:
with:
path: ${{ env.source_dir }}
fetch-depth: "0"
ref: ${{ github.event.pull_request.head.sha }}
- name: list changes for pull request
id: splitter
@@ -50,18 +51,20 @@ jobs:
source: "./source"
cloud_common: "./cloudcommon"
ansible_posix: "./ansible_posix"
community_general: "./community_general"
strategy:
fail-fast: false
matrix:
ansible-version:
- milestone
# Ref must match a branch/tag on github.com/ansible/ansible (e.g. stable-2.18, not 2.18).
ansible-version: ["stable-2.18", "milestone"]
enable-turbo-mode: [true, false]
exclude:
- ansible-version: "milestone"
enable-turbo-mode: true
python-version:
- "3.12"
enable-turbo-mode:
- true
- false
workflow-id: ${{ fromJson(needs.splitter.outputs.test_jobs) }}
name: "integration-py${{ matrix.python-version }}-${{ matrix.ansible-version }}-${{ matrix.workflow-id }}"
name: "integration-py${{ matrix.python-version }}-${{ matrix.ansible-version }}-${{ matrix.workflow-id }}-enable_turbo=${{ matrix.enable-turbo-mode }}"
steps:
- name: Read target
id: read-targets
@@ -105,6 +108,7 @@ jobs:
source_path: ${{ env.source }}
- name: checkout ansible-collections/cloud.common
if: ${{ matrix.enable-turbo-mode == true }}
uses: ansible-network/github_actions/.github/actions/checkout_dependency@main
with:
repository: ansible-collections/cloud.common
@@ -118,7 +122,15 @@ jobs:
path: ${{ env.ansible_posix }}
ref: main
- name: checkout ansible-collections/community.general
uses: ansible-network/github_actions/.github/actions/checkout_dependency@main
with:
repository: ansible-collections/community.general
path: ${{ env.community_general }}
ref: main
- name: install cloud.common collection
if: ${{ matrix.enable-turbo-mode == true }}
uses: ansible-network/github_actions/.github/actions/build_install_collection@main
with:
install_python_dependencies: true
@@ -130,6 +142,12 @@ jobs:
install_python_dependencies: true
source_path: ${{ env.ansible_posix }}
- name: install community.general collection
uses: ansible-network/github_actions/.github/actions/build_install_collection@main
with:
install_python_dependencies: false
source_path: ${{ env.community_general }}
- name: create kubernetes cluster
uses: helm/kind-action@v1.8.0
with:

28
.github/workflows/label-new-prs.yaml vendored Normal file
View File

@@ -0,0 +1,28 @@
---
name: label new prs
on:
pull_request_target:
types:
- opened
- reopened
- converted_to_draft
- ready_for_review
jobs:
add_label:
if: github.actor != 'patchback[bot]'
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Add 'needs_triage' label if the pr is not a draft
uses: actions-ecosystem/action-add-labels@v1
if: github.event.pull_request.draft == false
with:
labels: needs_triage
- name: Remove 'needs_triage' label if the pr is a draft
uses: actions-ecosystem/action-remove-labels@v1
if: github.event.pull_request.draft == true
with:
labels: needs_triage

4
.github/workflows/linters.yaml vendored
View File

@@ -20,4 +20,6 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: run-ansible-lint
uses: ansible/ansible-lint@v24.12.2
uses: ansible/ansible-lint@main
with:
gh_action_ref: "v25.5.0"

3
.gitignore vendored
View File

@@ -21,3 +21,6 @@ tests/integration/*-chart-*.tgz
# ansible-test generated file
tests/integration/inventory
tests/integration/*-*.yml
# VS Code settings
.vscode/

1
.yamllint
View File

@@ -26,3 +26,4 @@ ignore: |
.tox
.ansible
tests/output
plugins/connection/kubectl.py

94
CHANGELOG.rst
View File

@@ -4,6 +4,90 @@ Kubernetes Collection Release Notes
.. contents:: Topics
v5.4.2
======
Release Summary
---------------
This release includes bugfixes such as replacing the passing of ``warnings`` to ``exit_json`` with ``AnsibleModule.warn`` as well as a security update for selectively redacting sensitive information from kubeconfig.
Minor Changes
-------------
- helm - add ``release_values`` key to ``status`` return value that can be accessed using Jinja2 dot notation (https://github.com/ansible-collections/kubernetes.core/pull/1056).
- helm_info - add ``release_values`` key to ``status`` return value that can be accessed using Jinja2 dot notation (https://github.com/ansible-collections/kubernetes.core/pull/1056).
Deprecated Features
-------------------
- helm - the ``status.values`` return value has been deprecated and will be removed in a release after 2027-01-08. Use ``status.release_values`` instead (https://github.com/ansible-collections/kubernetes.core/pull/1056).
- helm_info - the ``status.values`` return value has been deprecated and will be removed in a release after 2027-01-08. Use ``status.release_values`` instead (https://github.com/ansible-collections/kubernetes.core/pull/1056).
Security Fixes
--------------
- Selectively redact sensitive info from kubeconfig instead of applying blanket ``no_log=True`` (https://github.com/ansible-collections/kubernetes.core/pull/1014).
Bugfixes
--------
- Add idempotency for ``helm_pull`` module (https://github.com/ansible-collections/kubernetes.core/pull/1055).
- Fixed a bug where setting ``K8S_AUTH_VERIFY_SSL=true`` (or any string value) caused the value to be treated as a separate ``kubectl`` command argument (https://github.com/ansible-collections/kubernetes.core/pull/1049).
- Limit supported versions of Helm to <4.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/1039).
- Replace passing ``warnings`` to ``exit_json`` with ``AnsibleModule.warn`` in the ``k8s_drain``, ``k8s_rollback.py`` and ``k8s_scale.py`` modules as it deprecated in ``ansible-core>=2.19.0`` and will be removed in ``ansible-core>=2.23.0`` (https://github.com/ansible-collections/kubernetes.core/pull/1033).
- k8s - Fix return block from the module documentation (https://github.com/ansible-collections/kubernetes.core/pull/1056).
- meta - Add ``k8s_cluster_info``, ``k8s_json_patch`` and ``k8s_rollback`` to k8s action group (https://github.com/ansible-collections/kubernetes.core/pull/992).
v5.4.1
======
Release Summary
---------------
This release includes bugfixes for k8s service field handling, k8s_cp init containers support, and removes deprecated ansible.module_utils.six imports.
Bugfixes
--------
- Remove ``ansible.module_utils.six`` imports to avoid warnings (https://github.com/ansible-collections/kubernetes.core/pull/998).
- Update the `k8s_cp` module to also work for init containers (https://github.com/ansible-collections/kubernetes.core/pull/971).
- module_utils/k8s/service - hide fields first before creating diffs (https://github.com/ansible-collections/kubernetes.core/pull/915).
v5.4.0
======
Release Summary
---------------
This release updates the ``helm_registry_auth`` module to match the behavior of ``helm >= 3.18.0`` which reports a successful logout regardless of the current state (i.e., no idempotency).
Minor Changes
-------------
- Module ``helm_registry_auth`` does not support idempotency with ``helm >= 3.18.0`` (https://github.com/ansible-collections/kubernetes.core/pull/946)
v5.3.0
======
Release Summary
---------------
This release includes minor changes, bug fixes and also bumps ``ansible-lint`` version to ``25.1.2``.
Minor Changes
-------------
- Bump version of ``ansible-lint`` to 25.1.2 (https://github.com/ansible-collections/kubernetes.core/pull/919).
- action/k8s_info - update templating mechanism with changes from ``ansible-core 2.19`` (https://github.com/ansible-collections/kubernetes.core/pull/888).
- helm - add ``reset_then_reuse_values`` support to helm module (https://github.com/ansible-collections/kubernetes.core/issues/803).
- helm - add support for ``insecure_skip_tls_verify`` option to helm and helm_repository(https://github.com/ansible-collections/kubernetes.core/issues/694).
Bugfixes
--------
- module_utils/k8s/service - fix issue when trying to delete resource using ``delete_options`` and ``check_mode=true`` (https://github.com/ansible-collections/kubernetes.core/issues/892).
v5.2.0
======
@@ -30,7 +114,7 @@ This release came with new module ``helm_registry_auth``, improvements to the er
Minor Changes
-------------
- Bump version of ansible-lint to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
- Bump version of ``ansible-lint`` to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
- Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify (https://github.com/ansible-collections/kubernetes.core/pull/805).
- k8s_drain - Improve error message for pod disruption budget when draining a node (https://github.com/ansible-collections/kubernetes.core/issues/797).
@@ -102,6 +186,14 @@ Bugfixes
- helm - use ``reuse-values`` when running ``helm diff`` command (https://github.com/ansible-collections/kubernetes.core/issues/680).
- integrations test helm_kubeconfig - set helm version to v3.10.3 to avoid incompatability with new bitnami charts (https://github.com/ansible-collections/kubernetes.core/pull/670).
v3.3.1
======
Release Summary
---------------
This release fixes the CI issues with the ``linters`` workflow.
v3.3.0
======

2
Makefile
View File

@@ -1,5 +1,5 @@
# Also needs to be updated in galaxy.yml
VERSION = 5.2.0
VERSION = 5.4.2
TEST_ARGS ?= ""
PYTHON_VERSION ?= `python -c 'import platform; print(".".join(platform.python_version_tuple()[0:2]))'`

34
README.md
View File

@@ -21,7 +21,7 @@ For more information about communication, see the [Ansible communication guide](
## Requirements
<!--start requires_ansible-->
## Ansible version compatibility
## Ansible Version Compatibility
This collection has been tested against following Ansible versions: **>=2.15.0**.
@@ -32,6 +32,10 @@ A collection may contain metadata that identifies these versions.
PEP440 is the schema used to describe the versions of Ansible.
<!--end requires_ansible-->
### Helm Version Compatibility
Helm modules in this collection are compatible with Helm v3.x and are not yet compatible with Helm v4. Individual modules and their parameters may support a more specific range of Helm versions.
### Python Support
* Collection supports 3.9+
@@ -42,27 +46,27 @@ Note: Python2 is deprecated from [1st January 2020](https://www.python.org/doc/s
This collection supports Kubernetes versions >= 1.24.
### Included content
### Included Content
Click on the name of a plugin or module to view that content's documentation:
<!--start collection content-->
### Connection plugins
### Connection Plugins
Name | Description
--- | ---
[kubernetes.core.kubectl](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.kubectl_connection.rst)|Execute tasks in pods running on Kubernetes.
### K8s filter plugins
### K8s filter Plugins
Name | Description
--- | ---
kubernetes.core.k8s_config_resource_name|Generate resource name for the given resource of type ConfigMap, Secret
### Inventory plugins
### Inventory Plugins
Name | Description
--- | ---
[kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_inventory.rst)|Kubernetes (K8s) inventory source
### Lookup plugins
### Lookup Plugins
Name | Description
--- | ---
[kubernetes.core.k8s](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/kubernetes.core.k8s_lookup.rst)|Query the K8s API
@@ -106,7 +110,7 @@ You can also include it in a `requirements.yml` file and install it via `ansible
---
collections:
- name: kubernetes.core
version: 5.2.0
version: 5.4.2
```
### Installing the Kubernetes Python Library
@@ -183,8 +187,7 @@ If upgrading older playbooks which were built prior to Ansible 2.10 and this col
For documentation on how to use individual modules and other content included in this collection, please see the links in the 'Included content' section earlier in this README.
## Ansible Turbo mode Tech Preview
## Ansible Turbo Mode Tech Preview
The ``kubernetes.core`` collection supports Ansible Turbo mode as a tech preview via the ``cloud.common`` collection. By default, this feature is disabled. To enable Turbo mode for modules, set the environment variable `ENABLE_TURBO_MODE=1` on the managed node. For example:
@@ -202,7 +205,7 @@ defined in the playbook using `environment` keyword as above, you must set it us
Please read more about Ansible Turbo mode - [here](https://github.com/ansible-collections/kubernetes.core/blob/main/docs/ansible_turbo_mode.rst).
## Contributing to this collection
## Contributing to this Collection
If you want to develop new content for this collection or improve what's already here, the easiest way to work on the collection is to clone it into one of the configured [`COLLECTIONS_PATHS`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#collections-paths), and work on it there.
@@ -224,7 +227,7 @@ You can run the collection's test suites with the commands:
### Testing with `molecule`
There are also integration tests in the `molecule` directory which are meant to be run against a local Kubernetes cluster, e.g. using [KinD](https://kind.sigs.k8s.io) or [Minikube](https://minikube.sigs.k8s.io). To setup a local cluster using KinD and run Molecule:
There are also integration tests in the `molecule` directory which are meant to be run against a local Kubernetes cluster, e.g. using [KinD](https://kind.sigs.k8s.io) or [Minikube](https://minikube.sigs.k8s.io). To set up a local cluster using KinD and run Molecule:
kind create cluster
make test-molecule
@@ -252,6 +255,8 @@ The process for uploading a supported release to Automation Hub is documented se
<!--List available communication channels. In addition to channels specific to your collection, we also recommend to use the following ones.-->
> **Note:** The `stable-4` branch, which handles all `4.x.y` releases of this collection, is no longer supported. This means that no backports nor releases will be performed on the `stable-4` branch.
We announce releases and important changes through Ansible's [The Bullhorn newsletter](https://github.com/ansible/community/wiki/News#the-bullhorn). Be sure you are [subscribed](https://eepurl.com/gZmiEP).
We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
@@ -261,9 +266,9 @@ For more information about communication, refer to the [Ansible Communication gu
For the latest supported versions, refer to the release notes below.
If you encounter issues or have questions, you can submit a support request through the following channels:
- GitHub Issues: Report bugs, request features, or ask questions by opening an issue in the [GitHub repository]((https://github.com/ansible-collections/kubernetes.core/).
- GitHub Issues: Report bugs, request features, or ask questions by opening an issue in the [GitHub repository](https://github.com/ansible-collections/kubernetes.core/).
## Release notes
## Release Notes
See the [raw generated changelog](https://github.com/ansible-collections/kubernetes.core/blob/main/CHANGELOG.rst).
@@ -273,9 +278,8 @@ We follow the [Ansible Code of Conduct](https://docs.ansible.com/ansible/devel/c
If you encounter abusive behavior, please refer to the [policy violations](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html#policy-violations) section of the Code for information on how to raise a complaint.
## License
GNU General Public License v3.0 or later
See LICENCE to see the full text.
See LICENSE to see the full text.

101
changelogs/changelog.yaml
View File

@@ -900,6 +900,12 @@ releases:
- 798-drain-pdb-error-message.yaml
- readme_template_update.yml
release_date: '2025-01-20'
3.3.1:
changes:
release_summary: This release fixes the CI issues with the ``linters`` workflow.
fragments:
- release_summary.yml
release_date: '2025-03-26'
4.0.0:
changes:
bugfixes:
@@ -971,7 +977,7 @@ releases:
- kustomize - kustomize plugin fails with deprecation warnings (https://github.com/ansible-collections/kubernetes.core/issues/639).
- waiter - Fix waiting for daemonset when desired number of pods is 0. (https://github.com/ansible-collections/kubernetes.core/pull/756).
minor_changes:
- Bump version of ansible-lint to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
- Bump version of ``ansible-lint`` to minimum 24.7.0 (https://github.com/ansible-collections/kubernetes.core/pull/765).
- Parameter insecure_registry added to helm_template as equivalent of insecure-skip-tls-verify
(https://github.com/ansible-collections/kubernetes.core/pull/805).
- k8s_drain - Improve error message for pod disruption budget when draining
@@ -1017,3 +1023,96 @@ releases:
- 643-extend-hidden-fields.yaml
- 879-clusteroperator-waiter.py.yaml
release_date: '2025-03-27'
5.3.0:
changes:
bugfixes:
- module_utils/k8s/service - fix issue when trying to delete resource using
`delete_options` and `check_mode=true` (https://github.com/ansible-collections/kubernetes.core/issues/892).
minor_changes:
- kubernetes.core - Bump version of ``ansible-lint`` to ``25.1.2`` (https://github.com/ansible-collections/kubernetes.core/pull/919).
- action/k8s_info - update templating mechanism with changes from ``ansible-core
2.19`` (https://github.com/ansible-collections/kubernetes.core/pull/888).
- helm - add ``reset_then_reuse_values`` support to helm module (https://github.com/ansible-collections/kubernetes.core/issues/803).
- helm - add support for ``insecure_skip_tls_verify`` option to helm and ``helm_repository`` (https://github.com/ansible-collections/kubernetes.core/issues/694).
release_summary: This release includes minor changes, bug fixes and also bumps
``ansible-lint`` version to ``25.1.2``.
fragments:
- 20250324-k8s_info-templating.yaml
- 5.3.0.yml
- 694-add-insecure-skip-tls-verify.yml
- 800-helm-add-reset_then_reuse_values-support.yml
- 898-k8s-dont-delete-in-check-mode.yaml
- 919-update-ansible-lint-version.yaml
release_date: '2025-05-16'
5.4.0:
changes:
minor_changes:
- Module ``helm_registry_auth`` does not support idempotency with ``helm >=
3.18.0`` (https://github.com/ansible-collections/kubernetes.core/pull/946).
release_summary: This release updates the ``helm_registry_auth`` module to match
the behavior of ``helm >= 3.18.0`` which reports a successful logout regardless
of the current state (i.e., no idempotency).
fragments:
- 20250411-kubeconfig-no_log-revert.yaml
- 20250503-fix-unit-tests.yml
- 20250605-fix-helm_registry_auth-integration_test.yaml
- 5.4.0.yml
release_date: '2025-08-12'
5.4.1:
changes:
bugfixes:
- Remove ``ansible.module_utils.six`` imports to avoid warnings (https://github.com/ansible-collections/kubernetes.core/pull/998).
- Update the `k8s_cp` module to also work for init containers (https://github.com/ansible-collections/kubernetes.core/pull/971).
- module_utils/k8s/service - hide fields first before creating diffs (https://github.com/ansible-collections/kubernetes.core/pull/915).
release_summary: This release includes bugfixes for k8s service field handling,
k8s_cp init containers support, and removes deprecated ansible.module_utils.six
imports.
fragments:
- 20250428-k8s-service-hide-fields-first.yaml
- 20250731-fix-k8s_cp-initcontainers.yaml
- 20250922-remove-ansible-six-imports.yaml
- 5.4.1.yml
release_date: '2025-10-07'
5.4.2:
changes:
bugfixes:
- Add idempotency for ``helm_pull`` module (https://github.com/ansible-collections/kubernetes.core/pull/1055).
- Fixed a bug where setting ``K8S_AUTH_VERIFY_SSL=true`` (or any string value)
caused the value to be treated as a separate ``kubectl`` command argument
(https://github.com/ansible-collections/kubernetes.core/pull/1049).
- Limit supported versions of Helm to <4.0.0 (https://github.com/ansible-collections/kubernetes.core/pull/1039).
- Replace passing ``warnings`` to ``exit_json`` with ``AnsibleModule.warn``
in the ``k8s_drain``, ``k8s_rollback.py`` and ``k8s_scale.py`` modules as
it deprecated in ``ansible-core>=2.19.0`` and will be removed in ``ansible-core>=2.23.0``
(https://github.com/ansible-collections/kubernetes.core/pull/1033).
- k8s - Fix return block from the module documentation (https://github.com/ansible-collections/kubernetes.core/pull/1056).
- meta - Add ``k8s_cluster_info``, ``k8s_json_patch`` and ``k8s_rollback`` to
k8s action group (https://github.com/ansible-collections/kubernetes.core/pull/992).
deprecated_features:
- helm - the ``status.values`` return value has been deprecated and will be
removed in a release after 2027-01-08. Use ``status.release_values`` instead
(https://github.com/ansible-collections/kubernetes.core/pull/1056).
- helm_info - the ``status.values`` return value has been deprecated and will
be removed in a release after 2027-01-08. Use ``status.release_values`` instead
(https://github.com/ansible-collections/kubernetes.core/pull/1056).
minor_changes:
- helm - added ``release_values`` key to ``status`` return value that can be
accessed using Jinja2 dot notation (https://github.com/ansible-collections/kubernetes.core/pull/1056).
- helm_info - added ``release_values`` key to ``status`` return value that can
be accessed using Jinja2 dot notation (https://github.com/ansible-collections/kubernetes.core/pull/1056).
release_summary: This release includes various bugfixes such as replacing the
passing of ``warnings`` to ``exit_json`` with ``AnsibleModule.warn`` as well
as security updates for selectively redacting sensitive information from kubeconfig.
security_fixes:
- Selectively redact sensitive info from kubeconfig instead of applying blanket
``no_log=True`` (https://github.com/ansible-collections/kubernetes.core/pull/1014).
fragments:
- 1033-warnings-deprecations.yaml
- 20251002-fix-k8s-actiongroup.yaml
- 20251007-selective-kubeconfig-redaction.yaml
- 20251115-limit-versions-of-helm.yaml
- 20251220-fix-K8S_AUTH_VERIFY_SSL-in-kubectl-connecton-plugion.yaml
- 20260107-add-idempodency-for-helm-pull.yaml
- 20260108-fix-sanity-failures.yml
- 5-4-2.yaml
release_date: '2026-02-03'

45
docs/kubernetes.core.helm_module.rst
View File

@@ -289,6 +289,29 @@ Parameters
<div>Provide a URL for accessing the API. Can also be specified via <code>K8S_AUTH_HOST</code> environment variable.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>insecure_skip_tls_verify</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 5.3.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Skip tls certificate checks for the chart download.</div>
<div>Do not confuse with the <code>validate_certs</code> option.</div>
<div>This option is only available for helm &gt;= 3.16.0.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: skip_tls_certs_check</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
@@ -435,6 +458,28 @@ Parameters
<div>mutually exclusive with with <code>history_max</code>.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>reset_then_reuse_values</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 6.0.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>When upgrading package, reset the values to the ones built into the chart, apply the last release&#x27;s values and merge in any overrides from parameters O(release_values), O(values_files) or O(set_values).</div>
<div>If O(reset_values) or O(reuse_values) is set to V(True), this is ignored.</div>
<div>This feature requires helm diff &gt;= 3.9.12.</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>

63
docs/kubernetes.core.helm_pull_module.rst
View File

@@ -27,7 +27,7 @@ Requirements
------------
The below requirements are needed on the host that executes this module.
- helm >= 3.0 (https://github.com/helm/helm/releases)
- helm >= 3.0, <4.0.0 (https://github.com/helm/helm/releases)
Parameters
@@ -174,6 +174,28 @@ Parameters
<div>location to write the chart.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>force</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 6.3.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Force download of the chart even if it already exists in the destination directory.</div>
<div>By default, the module will skip downloading if the chart with the same version already exists for idempotency.</div>
<div>When used with O(untar_chart=true), will remove any existing chart directory before extracting.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
@@ -279,7 +301,8 @@ Parameters
</td>
<td>
<div>Whether or not to check tls certificate for the chart download.</div>
<div>Requires helm &gt;= 3.3.0.</div>
<div>Requires helm &gt;= 3.3.0. Alias <code>insecure_skip_tls_verify</code> added in 5.3.0.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: insecure_skip_tls_verify</div>
</td>
</tr>
<tr>
@@ -375,11 +398,28 @@ Examples
username: myuser
password: mypassword123
- name: Download Chart (force re-download even if exists)
kubernetes.core.helm_pull:
chart_ref: redis
repo_url: https://charts.bitnami.com/bitnami
chart_version: '17.0.0'
destination: /path/to/chart
force: yes
- name: Download and untar chart (force re-extraction even if directory exists)
kubernetes.core.helm_pull:
chart_ref: redis
repo_url: https://charts.bitnami.com/bitnami
chart_version: '17.0.0'
destination: /path/to/chart
untar_chart: yes
force: yes
Return Values
-------------
Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
Common return values are documented `here <https://docs.ansible.com/projects/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
.. raw:: html
@@ -406,6 +446,23 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">helm pull --repo test ...</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>msg</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>when chart already exists</td>
<td>
<div>A message indicating the result of the operation.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">Chart redis version 17.0.0 already exists in destination directory</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>

5
docs/kubernetes.core.helm_registry_auth_module.rst
View File

@@ -25,7 +25,7 @@ Requirements
------------
The below requirements are needed on the host that executes this module.
- helm (https://github.com/helm/helm/releases) => 3.8.0
- helm (https://github.com/helm/helm/releases) >= 3.8.0, <4.0.0
Parameters
@@ -170,6 +170,7 @@ Parameters
<div>Desired state of the registry.</div>
<div>If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).</div>
<div>If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).</div>
<div>As helm &gt;= 3.18.0 reports successful logout even if the user is not logged in, this module will report a change regardless of the current state.</div>
</td>
</tr>
<tr>
@@ -214,7 +215,7 @@ Examples
Return Values
-------------
Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
Common return values are documented `here <https://docs.ansible.com/projects/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
.. raw:: html

21
docs/kubernetes.core.helm_repository_module.rst
View File

@@ -143,6 +143,27 @@ Parameters
<div>Provide a URL for accessing the API. Can also be specified via <code>K8S_AUTH_HOST</code> environment variable.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>insecure_skip_tls_verify</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 5.3.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Skip tls certificate checks for the repository url.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: skip_tls_certs_check</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>

1
docs/kubernetes.core.k8s_cp_module.rst
View File

@@ -512,6 +512,7 @@ Notes
.. note::
- the tar binary is required on the container when copying from local filesystem to pod.
- the (init) container has to be started before you copy files or directories to it.
- To avoid SSL certificate validation errors when ``validate_certs`` is *True*, the full certificate chain for the API server must be provided via ``ca_cert`` or in the kubeconfig file.

1
docs/kubernetes.core.k8s_drain_module.rst
View File

@@ -595,6 +595,7 @@ Examples
kubernetes.core.k8s_drain:
state: drain
name: foo
delete_options:
force: yes
- name: Drain node "foo", but abort if there are pods not managed by a ReplicationController, Job, or DaemonSet, and use a grace period of 15 minutes.

18
docs/kubernetes.core.k8s_info_module.rst
View File

@@ -174,8 +174,7 @@ Parameters
</td>
<td>
<div>Hide fields matching any of the field definitions in the result</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code></div>
<div>Only field definitions that don&#x27;t reference list items are supported (so V(spec.containers[0]) would not work)</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code> or V(hidden_fields=[spec.containers[0].env[3].value]) or V(hidden_fields=[metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]])</div>
</td>
</tr>
<tr>
@@ -702,6 +701,21 @@ Examples
wait_sleep: 10
wait_timeout: 360
- name: Wait for OpenShift bootstrap to complete
kubernetes.core.k8s_info:
api_version: v1
kind: ConfigMap
name: bootstrap
namespace: kube-system
register: ocp_bootstrap_status
until: >
ocp_bootstrap_status.resources is defined and
(ocp_bootstrap_status.resources | length > 0) and
(ocp_bootstrap_status.resources[0].data.status is defined) and
(ocp_bootstrap_status.resources[0].data.status == 'complete')
retries: 60
delay: 15
Return Values

3
docs/kubernetes.core.k8s_module.rst
View File

@@ -395,8 +395,7 @@ Parameters
</td>
<td>
<div>Hide fields matching this option in the result</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code></div>
<div>Only field definitions that don&#x27;t reference list items are supported (so V(spec.containers[0]) would not work)</div>
<div>An example might be <code>hidden_fields=[metadata.managedFields]</code> or V(hidden_fields=[spec.containers[0].env[3].value]) or V(hidden_fields=[metadata.annotations[kubectl.kubernetes.io/last-applied-configuration]])</div>
</td>
</tr>
<tr>

2
galaxy.yml
View File

@@ -25,7 +25,7 @@ tags:
- openshift
- okd
- cluster
version: 5.2.0
version: 5.4.2
build_ignore:
- .DS_Store
- "*.tar.gz"

13
meta/runtime.yml
View File

@@ -8,13 +8,16 @@ action_groups:
- helm_repository
k8s:
- k8s
- k8s_exec
- k8s_info
- k8s_log
- k8s_scale
- k8s_service
- k8s_cluster_info
- k8s_cp
- k8s_drain
- k8s_exec
- k8s_info
- k8s_json_patch
- k8s_log
- k8s_rollback
- k8s_scale
- k8s_service
plugin_routing:
inventory:

58
plugins/action/k8s_info.py
View File

@@ -22,33 +22,20 @@ from ansible.errors import (
)
from ansible.module_utils._text import to_bytes, to_native, to_text
from ansible.module_utils.parsing.convert_bool import boolean
from ansible.module_utils.six import iteritems, string_types
from ansible.plugins.action import ActionBase
try:
from ansible.template import trust_as_template
except ImportError:
trust_as_template = None
class RemoveOmit(object):
def __init__(self, buffer, omit_value):
def _from_yaml_to_definition(buffer):
try:
import yaml
except ImportError:
raise AnsibleError("Failed to import the required Python library (PyYAML).")
self.data = yaml.safe_load_all(buffer)
self.omit = omit_value
def remove_omit(self, data):
if isinstance(data, dict):
result = dict()
for key, value in iteritems(data):
if value == self.omit:
continue
result[key] = self.remove_omit(value)
return result
if isinstance(data, list):
return [self.remove_omit(v) for v in data if v != self.omit]
return data
def output(self):
return [self.remove_omit(d) for d in self.data]
return list(yaml.safe_load_all(buffer))
ENV_KUBECONFIG_PATH_SEPARATOR = ";" if platform.system() == "Windows" else ":"
@@ -112,7 +99,7 @@ class ActionModule(ActionBase):
"trim_blocks": True,
"lstrip_blocks": False,
}
if isinstance(template, string_types):
if isinstance(template, str):
# treat this as raw_params
template_param["path"] = template
elif isinstance(template, dict):
@@ -132,7 +119,7 @@ class ActionModule(ActionBase):
):
if s_type in template_args:
value = ensure_type(template_args[s_type], "string")
if value is not None and not isinstance(value, string_types):
if value is not None and not isinstance(value, str):
raise AnsibleActionFail(
"%s is expected to be a string, but got %s instead"
% (s_type, type(value))
@@ -207,9 +194,8 @@ class ActionModule(ActionBase):
"'template' is only a supported parameter for the 'k8s' module."
)
omit_value = task_vars.get("omit")
template_params = []
if isinstance(template, string_types) or isinstance(template, dict):
if isinstance(template, str) or isinstance(template, dict):
template_params.append(self.get_template_args(template))
elif isinstance(template, list):
for element in template:
@@ -230,6 +216,7 @@ class ActionModule(ActionBase):
old_vars = self._templar.available_variables
default_environment = {}
if trust_as_template is None:
for key in (
"newline_sequence",
"variable_start_string",
@@ -257,26 +244,35 @@ class ActionModule(ActionBase):
with self.get_template_data(template_item["path"]) as template_data:
# add ansible 'template' vars
temp_vars = copy.deepcopy(task_vars)
for key, value in iteritems(template_item):
overrides = {}
for key, value in template_item.items():
if hasattr(self._templar.environment, key):
if value is not None:
overrides[key] = value
if trust_as_template is None:
setattr(self._templar.environment, key, value)
else:
elif trust_as_template is None:
setattr(
self._templar.environment,
key,
default_environment.get(key),
)
self._templar.available_variables = temp_vars
if trust_as_template:
template_data = trust_as_template(template_data)
result = self._templar.template(
template_data,
preserve_trailing_newlines=True,
escape_backslashes=False,
overrides=overrides,
)
else:
result = self._templar.do_template(
template_data,
preserve_trailing_newlines=True,
escape_backslashes=False,
)
if omit_value is not None:
result_template.extend(RemoveOmit(result, omit_value).output())
else:
result_template.append(result)
result_template.extend(_from_yaml_to_definition(result))
self._templar.available_variables = old_vars
resource_definition = self._task.args.get("definition", None)
if not resource_definition:
@@ -306,7 +302,7 @@ class ActionModule(ActionBase):
)
def get_kubeconfig(self, kubeconfig, remote_transport, new_module_args):
if isinstance(kubeconfig, string_types):
if isinstance(kubeconfig, str):
# find the kubeconfig in the expected search path
if not remote_transport:
# kubeconfig is local

10
plugins/connection/kubectl.py
View File

@@ -265,6 +265,7 @@ import tempfile
from ansible.errors import AnsibleError, AnsibleFileNotFound
from ansible.module_utils._text import to_bytes
from ansible.module_utils.parsing.convert_bool import boolean
from ansible.module_utils.six.moves import shlex_quote
from ansible.parsing.yaml.loader import AnsibleLoader
from ansible.plugins.connection import BUFSIZE, ConnectionBase
@@ -324,9 +325,12 @@ class Connection(ConnectionBase):
# Build command options based on doc string
doc_yaml = AnsibleLoader(self.documentation).get_single_data()
for key in doc_yaml.get("options"):
if key.endswith("verify_ssl") and self.get_option(key) != "":
# Translate verify_ssl to skip_verify_ssl, and output as string
skip_verify_ssl = not self.get_option(key)
if key == "validate_certs" and self.get_option(key) != "":
# Translate validate_certs to --insecure-skip-tls-verify flag
# validate_certs=True means verify certs (don't skip verification)
# validate_certs=False means don't verify certs (skip verification)
validate_certs_value = boolean(self.get_option(key), strict=False)
skip_verify_ssl = not validate_certs_value
local_cmd.append(
"{0}={1}".format(
self.connection_options[key], str(skip_verify_ssl).lower()

38
plugins/lookup/k8s.py
View File

@@ -86,14 +86,48 @@ DOCUMENTATION = """
description:
- Provide a username for authenticating with the API. Can also be specified via K8S_AUTH_USERNAME environment
variable.
no_proxy:
description:
- The comma separated list of hosts/domains/IP/CIDR that shouldn't go through proxy.
Can also be specified via K8S_AUTH_NO_PROXY environment variable.
- Please note that this module does not pick up typical proxy settings from the environment (e.g. NO_PROXY).
- This feature requires kubernetes>=19.15.0.
When kubernetes library is less than 19.15.0, it fails even if no_proxy is set correctly.
type: str
password:
description:
- Provide a password for authenticating with the API. Can also be specified via K8S_AUTH_PASSWORD environment
variable.
proxy:
description:
- The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.
- Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).
type: str
proxy_headers:
description:
- The Header used for the HTTP proxy.
- Documentation can be found here
U(https://urllib3.readthedocs.io/en/latest/reference/urllib3.util.html?highlight=proxy_headers#urllib3.util.make_headers).
type: dict
suboptions:
proxy_basic_auth:
type: str
description:
- Colon-separated username:password for proxy basic authentication header.
- Can also be specified via K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH environment.
basic_auth:
type: str
description:
- Colon-separated username:password for basic authentication header.
- Can also be specified via K8S_AUTH_PROXY_HEADERS_BASIC_AUTH environment.
user_agent:
type: str
description:
- String representing the user-agent you want, such as foo/1.0.
- Can also be specified via K8S_AUTH_PROXY_HEADERS_USER_AGENT environment.
client_cert:
description:
- Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE
environment
- Path to a certificate used to authenticate with the API. Can also be specified via K8S_AUTH_CERT_FILE environment
variable.
aliases: [ cert_file ]
client_key:

56
plugins/module_utils/args_common.py
View File

@@ -1,16 +1,64 @@
from __future__ import absolute_import, division, print_function
from ansible.module_utils.six import string_types
__metaclass__ = type
import warnings
def list_dict_str(value):
if isinstance(value, (list, dict, string_types)):
if isinstance(value, (list, dict, str)):
return value
raise TypeError
def extract_sensitive_values_from_kubeconfig(kubeconfig_data):
"""
Extract only sensitive string values from kubeconfig data for no_log_values.
:arg kubeconfig_data: Dictionary containing kubeconfig data
:returns: Set of sensitive string values to be added to no_log_values
"""
values = set()
sensitive_fields = {
"token",
"password",
"secret",
"client-key-data",
"client-certificate-data",
"certificate-authority-data",
"api_key",
"access-token",
"refresh-token",
}
# Check API version and warn if not v1
if isinstance(kubeconfig_data, dict):
api_version = kubeconfig_data.get("apiVersion", "v1")
if api_version != "v1":
warnings.warn(
f"Kubeconfig API version '{api_version}' is not 'v1'. "
f"Sensitive field redaction is only guaranteed for API version 'v1'. "
f"Some sensitive data may not be properly redacted from the logs.",
UserWarning,
)
def _extract_recursive(data, current_path=""):
if isinstance(data, dict):
for key, value in data.items():
path = f"{current_path}.{key}" if current_path else key
if key in sensitive_fields:
if isinstance(value, str):
values.add(value)
else:
_extract_recursive(value, path)
elif isinstance(data, list):
for i, item in enumerate(data):
_extract_recursive(item, f"{current_path}[{i}]")
_extract_recursive(kubeconfig_data)
return values
AUTH_PROXY_HEADERS_SPEC = dict(
proxy_basic_auth=dict(type="str", no_log=True),
basic_auth=dict(type="str", no_log=True),
@@ -18,7 +66,7 @@ AUTH_PROXY_HEADERS_SPEC = dict(
)
AUTH_ARG_SPEC = {
"kubeconfig": {"type": "raw", "no_log": True},
"kubeconfig": {"type": "raw"},
"context": {},
"host": {},
"api_key": {"no_log": True},

32
plugins/module_utils/copy.py
View File

@@ -96,7 +96,7 @@ class K8SCopy(metaclass=ABCMeta):
return error, stdout, stderr
except Exception as e:
self.module.fail_json(
msg="Error while running/parsing from pod {1}/{2} command='{0}' : {3}".format(
msg="Error while running/parsing from pod {0}/{1} command='{2}' : {3}".format(
self.namespace, self.name, cmd, to_native(e)
)
)
@@ -278,11 +278,15 @@ class K8SCopyFromPod(K8SCopy):
def run(self):
self.files_to_copy = self.list_remote_files()
if self.files_to_copy == []:
# Using warn method instead of passing warnings to exit_json as it is
# deprecated in ansible-core>=2.19.0
self._module.warn(
"No file found from directory '{0}' into remote Pod.".format(
self.remote_path
)
)
self.module.exit_json(
changed=False,
warning="No file found from directory '{0}' into remote Pod.".format(
self.remote_path
),
)
self.copy()
@@ -435,11 +439,21 @@ def check_pod(svc):
try:
result = svc.client.get(resource, name=name, namespace=namespace)
containers = [
c["name"] for c in result.to_dict()["status"]["containerStatuses"]
]
if container and container not in containers:
containers = dict(
{
c["name"]: c
for cl in ["initContainerStatuses", "containerStatuses"]
for c in result.to_dict()["status"].get(cl, [])
}
)
if container and container not in containers.keys():
module.fail_json(msg="Pod has no container {0}".format(container))
return containers
if (
container
and container in containers
and not bool(containers[container].get("started", False))
):
module.fail_json(msg="Pod container {0} is not started".format(container))
return containers.keys()
except Exception as exc:
_fail(exc)

31
plugins/module_utils/helm.py
View File

@@ -15,7 +15,9 @@ import tempfile
import traceback
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
from ansible.module_utils.six import string_types
from ansible_collections.kubernetes.core.plugins.module_utils.args_common import (
extract_sensitive_values_from_kubeconfig,
)
from ansible_collections.kubernetes.core.plugins.module_utils.version import (
LooseVersion,
)
@@ -113,12 +115,19 @@ class AnsibleHelmModule(object):
kubeconfig_content = None
kubeconfig = self.params.get("kubeconfig")
if kubeconfig:
if isinstance(kubeconfig, string_types):
if isinstance(kubeconfig, str):
with open(os.path.expanduser(kubeconfig)) as fd:
kubeconfig_content = yaml.safe_load(fd)
elif isinstance(kubeconfig, dict):
kubeconfig_content = kubeconfig
# Redact sensitive fields from kubeconfig for logging purposes
if kubeconfig_content:
# Add original sensitive values to no_log_values to prevent them from appearing in logs
self._module.no_log_values.update(
extract_sensitive_values_from_kubeconfig(kubeconfig_content)
)
if self.params.get("ca_cert"):
ca_cert = self.params.get("ca_cert")
if LooseVersion(self.get_helm_version()) < LooseVersion("3.5.0"):
@@ -193,6 +202,24 @@ class AnsibleHelmModule(object):
return m.group(1)
return None
def validate_helm_version(self):
"""
Validate that Helm version is >=3.0.0 and <4.0.0.
Helm 4 is not yet supported.
"""
helm_version = self.get_helm_version()
if helm_version is None:
self.fail_json(msg="Unable to determine Helm version")
if (LooseVersion(helm_version) < LooseVersion("3.0.0")) or (
LooseVersion(helm_version) >= LooseVersion("4.0.0")
):
self.fail_json(
msg="Helm version must be >=3.0.0,<4.0.0, current version is {0}".format(
helm_version
)
)
def get_values(self, release_name, get_all=False):
"""
Get Values from deployed release

1
plugins/module_utils/helm_args_common.py
View File

@@ -16,7 +16,6 @@ HELM_AUTH_ARG_SPEC = dict(
type="raw",
aliases=["kubeconfig_path"],
fallback=(env_fallback, ["K8S_AUTH_KUBECONFIG"]),
no_log=True,
),
host=dict(type="str", fallback=(env_fallback, ["K8S_AUTH_HOST"])),
ca_cert=dict(

5
plugins/module_utils/k8s/client.py
View File

@@ -5,7 +5,6 @@ import hashlib
import os
from typing import Any, Dict, List, Optional
from ansible.module_utils.six import iteritems, string_types
from ansible_collections.kubernetes.core.plugins.module_utils.args_common import (
AUTH_ARG_MAP,
AUTH_ARG_SPEC,
@@ -115,7 +114,7 @@ def _load_config(auth: Dict) -> None:
"persist_config": auth.get("persist_config"),
}
if kubeconfig:
if isinstance(kubeconfig, string_types):
if isinstance(kubeconfig, str):
kubernetes.config.load_kube_config(config_file=kubeconfig, **optional_arg)
elif isinstance(kubeconfig, dict):
kubernetes.config.load_kube_config_from_dict(
@@ -163,7 +162,7 @@ def _create_configuration(auth: Dict):
except AttributeError:
configuration = kubernetes.client.Configuration()
for key, value in iteritems(auth):
for key, value in auth.items():
if key in AUTH_ARG_MAP.keys() and value is not None:
if key == "api_key":
setattr(

12
plugins/module_utils/k8s/core.py
View File

@@ -3,6 +3,9 @@ from typing import Optional
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
from ansible.module_utils.common.text.converters import to_text
from ansible_collections.kubernetes.core.plugins.module_utils.args_common import (
extract_sensitive_values_from_kubeconfig,
)
from ansible_collections.kubernetes.core.plugins.module_utils.version import (
LooseVersion,
)
@@ -33,6 +36,15 @@ class AnsibleK8SModule:
self._module = self.settings["module_class"](**kwargs)
# Apply kubeconfig redaction for logging purposes
if hasattr(self._module, "params") and hasattr(self._module, "no_log_values"):
kubeconfig = self._module.params.get("kubeconfig")
if kubeconfig and isinstance(kubeconfig, dict):
# Add sensitive values to no_log_values to prevent them from appearing in logs
self._module.no_log_values.update(
extract_sensitive_values_from_kubeconfig(kubeconfig)
)
if self.settings["check_k8s"]:
self.requires("kubernetes")
self.has_at_least("kubernetes", "24.2.0", warn=True)

5
plugins/module_utils/k8s/resource.py
View File

@@ -4,7 +4,6 @@
import os
from typing import Dict, Iterable, List, Optional, Union, cast
from ansible.module_utils.six import string_types
from ansible.module_utils.urls import Request
try:
@@ -78,11 +77,11 @@ def create_definitions(params: Dict) -> List[ResourceDefinition]:
def from_yaml(definition: Union[str, List, Dict]) -> Iterable[Dict]:
"""Load resource definitions from a yaml definition."""
definitions: List[Dict] = []
if isinstance(definition, string_types):
if isinstance(definition, str):
definitions += yaml.safe_load_all(definition)
elif isinstance(definition, list):
for item in definition:
if isinstance(item, string_types):
if isinstance(item, str):
definitions += yaml.safe_load_all(item)
else:
definitions.append(item)

9
plugins/module_utils/k8s/service.py
View File

@@ -473,7 +473,7 @@ class K8sService:
if label_selectors:
params["label_selector"] = ",".join(label_selectors)
if delete_options:
if delete_options and not self.module.check_mode:
body = {
"apiVersion": "v1",
"kind": "DeleteOptions",
@@ -498,8 +498,8 @@ def diff_objects(
if not diff:
return True, result
result["before"] = diff[0]
result["after"] = diff[1]
result["before"] = hide_fields(diff[0], hidden_fields)
result["after"] = hide_fields(diff[1], hidden_fields)
if list(result["after"].keys()) == ["metadata"] and list(
result["before"].keys()
@@ -512,9 +512,6 @@ def diff_objects(
).issubset(ignored_keys):
return True, result
result["before"] = hide_fields(result["before"], hidden_fields)
result["after"] = hide_fields(result["after"], hidden_fields)
return False, result

115
plugins/modules/helm.py
View File

@@ -145,6 +145,16 @@ options:
required: false
default: True
version_added: 3.0.0
reset_then_reuse_values:
description:
- When upgrading package, reset the values to the ones built into the chart, apply the last release's values and merge in any overrides from
parameters O(release_values), O(values_files) or O(set_values).
- If O(reset_values) or O(reuse_values) is set to V(True), this is ignored.
- This feature requires helm diff >= 3.9.12.
type: bool
required: false
default: False
version_added: 6.0.0
#Helm options
disable_hook:
@@ -218,6 +228,15 @@ options:
- mutually exclusive with with C(replace).
type: int
version_added: 2.2.0
insecure_skip_tls_verify:
description:
- Skip tls certificate checks for the chart download.
- Do not confuse with the C(validate_certs) option.
- This option is only available for helm >= 3.16.0.
type: bool
default: False
aliases: [ skip_tls_certs_check ]
version_added: 5.3.0
extends_documentation_fragment:
- kubernetes.core.helm_common_options
"""
@@ -373,9 +392,18 @@ status:
returned: always
description: The Date of last update
values:
type: str
type: dict
returned: always
description: Dict of Values used to deploy
description:
- Dict of Values used to deploy.
- This return value has been deprecated and will be removed in a release after
2027-01-08. Use RV(status.release_values) instead.
release_values:
type: dict
returned: always
description:
- Dict of Values used to deploy.
version_added: 6.3.0
stdout:
type: str
description: Full `helm` command stdout, in case you want to display it or examine the event log
@@ -455,7 +483,8 @@ def get_release_status(module, release_name, all_status=False):
if release is None: # not install
return None
release["values"] = module.get_values(release_name)
release["release_values"] = module.get_values(release_name)
release["values"] = release["release_values"]
return release
@@ -476,12 +505,15 @@ def run_dep_update(module, chart_ref):
rc, out, err = module.run_helm_command(dep_update)
def fetch_chart_info(module, command, chart_ref):
def fetch_chart_info(module, command, chart_ref, insecure_skip_tls_verify=False):
"""
Get chart info
"""
inspect_command = command + f" show chart '{chart_ref}'"
if insecure_skip_tls_verify:
inspect_command += " --insecure-skip-tls-verify"
rc, out, err = module.run_helm_command(inspect_command)
return yaml.safe_load(out)
@@ -509,6 +541,8 @@ def deploy(
set_value_args=None,
reuse_values=None,
reset_values=True,
reset_then_reuse_values=False,
insecure_skip_tls_verify=False,
):
"""
Install/upgrade/rollback release chart
@@ -526,6 +560,17 @@ def deploy(
if reuse_values is not None:
deploy_command += " --reuse-values=" + str(reuse_values)
if reset_then_reuse_values:
helm_version = module.get_helm_version()
if LooseVersion(helm_version) < LooseVersion("3.14.0"):
module.fail_json(
msg="reset_then_reuse_values requires helm >= 3.14.0, current version is {0}".format(
helm_version
)
)
else:
deploy_command += " --reset-then-reuse-values"
if wait:
deploy_command += " --wait"
if wait_timeout is not None:
@@ -549,6 +594,17 @@ def deploy(
if create_namespace:
deploy_command += " --create-namespace"
if insecure_skip_tls_verify:
helm_version = module.get_helm_version()
if LooseVersion(helm_version) < LooseVersion("3.16.0"):
module.fail_json(
msg="insecure_skip_tls_verify requires helm >= 3.16.0, current version is {0}".format(
helm_version
)
)
else:
deploy_command += " --insecure-skip-tls-verify"
if values_files:
for value_file in values_files:
deploy_command += " --values=" + value_file
@@ -642,6 +698,8 @@ def helmdiff_check(
set_value_args=None,
reuse_values=None,
reset_values=True,
reset_then_reuse_values=False,
insecure_skip_tls_verify=False,
):
"""
Use helm diff to determine if a release would change by upgrading a chart.
@@ -676,6 +734,27 @@ def helmdiff_check(
if reuse_values:
cmd += " --reuse-values"
if reset_then_reuse_values:
helm_diff_version = get_plugin_version("diff")
helm_version = module.get_helm_version()
fail_msg = ""
if LooseVersion(helm_diff_version) < LooseVersion("3.9.12"):
fail_msg = "reset_then_reuse_values requires helm diff >= 3.9.12, current version is {0}\n".format(
helm_diff_version
)
if LooseVersion(helm_version) < LooseVersion("3.14.0"):
fail_msg += "reset_then_reuse_values requires helm >= 3.14.0, current version is {0}\n".format(
helm_version
)
if fail_msg:
module.fail_json(msg=fail_msg)
else:
cmd += " --reset-then-reuse-values"
if insecure_skip_tls_verify:
cmd += " --insecure-skip-tls-verify"
rc, out, err = module.run_helm_command(cmd)
return (len(out.strip()) > 0, out.strip())
@@ -735,6 +814,10 @@ def argument_spec():
set_values=dict(type="list", elements="dict"),
reuse_values=dict(type="bool"),
reset_values=dict(type="bool", default=True),
reset_then_reuse_values=dict(type="bool", default=False),
insecure_skip_tls_verify=dict(
type="bool", default=False, aliases=["skip_tls_certs_check"]
),
)
)
return arg_spec
@@ -759,6 +842,9 @@ def main():
if not IMP_YAML:
module.fail_json(msg=missing_required_lib("yaml"), exception=IMP_YAML_ERR)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
changed = False
chart_ref = module.params.get("chart_ref")
@@ -787,6 +873,8 @@ def main():
set_values = module.params.get("set_values")
reuse_values = module.params.get("reuse_values")
reset_values = module.params.get("reset_values")
reset_then_reuse_values = module.params.get("reset_then_reuse_values")
insecure_skip_tls_verify = module.params.get("insecure_skip_tls_verify")
if update_repo_cache:
run_repo_update(module)
@@ -824,7 +912,9 @@ def main():
helm_cmd += " --repo=" + chart_repo_url
# Fetch chart info to have real version and real name for chart_ref from archive, folder or url
chart_info = fetch_chart_info(module, helm_cmd, chart_ref)
chart_info = fetch_chart_info(
module, helm_cmd, chart_ref, insecure_skip_tls_verify
)
if dependency_update:
if chart_info.get("dependencies"):
@@ -883,6 +973,8 @@ def main():
set_value_args=set_value_args,
reuse_values=reuse_values,
reset_values=reset_values,
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
)
changed = True
@@ -908,6 +1000,8 @@ def main():
set_value_args,
reuse_values=reuse_values,
reset_values=reset_values,
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
)
if would_change and module._diff:
opt_result["diff"] = {"prepared": prepared}
@@ -943,14 +1037,21 @@ def main():
set_value_args=set_value_args,
reuse_values=reuse_values,
reset_values=reset_values,
reset_then_reuse_values=reset_then_reuse_values,
insecure_skip_tls_verify=insecure_skip_tls_verify,
)
changed = True
if module.check_mode:
check_status = {"values": {"current": {}, "declared": {}}}
check_status = {
"values": {"current": {}, "declared": {}},
"release_values": {"current": {}, "declared": {}},
}
if release_status:
check_status["values"]["current"] = release_status["values"]
check_status["values"]["current"] = release_status["release_values"]
check_status["values"]["declared"] = release_status
check_status["release_values"]["current"] = release_status["release_values"]
check_status["release_values"]["declared"] = release_status
module.exit_json(
changed=changed,

19
plugins/modules/helm_info.py
View File

@@ -115,9 +115,18 @@ status:
returned: always
description: The Date of last update
values:
type: str
type: dict
returned: always
description: Dict of Values used to deploy
description:
- Dict of Values used to deploy
- This return value has been deprecated and will be removed in a release after
2027-01-08. Use RV(status.release_values) instead.
release_values:
type: dict
returned: always
description:
- Dict of Values used to deploy.
version_added: 6.3.0
hooks:
type: list
elements: dict
@@ -202,7 +211,8 @@ def get_release_status(module, release_name, release_state, get_all_values=False
if release is None: # not install
return None
release["values"] = module.get_values(release_name, get_all_values)
release["release_values"] = module.get_values(release_name, get_all_values)
release["values"] = release["release_values"]
release["manifest"] = module.get_manifest(release_name)
release["notes"] = module.get_notes(release_name)
release["hooks"] = module.get_hooks(release_name)
@@ -235,6 +245,9 @@ def main():
if not IMP_YAML:
module.fail_json(msg=missing_required_lib("yaml"), exception=IMP_YAML_ERR)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
release_name = module.params.get("release_name")
release_state = module.params.get("release_state")
get_all_values = module.params.get("get_all_values")

3
plugins/modules/helm_plugin.py
View File

@@ -161,6 +161,9 @@ def main():
mutually_exclusive=mutually_exclusive(),
)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
state = module.params.get("state")
helm_cmd_common = module.get_helm_binary() + " plugin"

3
plugins/modules/helm_plugin_info.py
View File

@@ -98,6 +98,9 @@ def main():
supports_check_mode=True,
)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
plugin_name = module.params.get("plugin_name")
plugin_list = []

234
plugins/modules/helm_pull.py
View File

@@ -21,7 +21,7 @@ description:
- There are options for unpacking the chart after download.
requirements:
- "helm >= 3.0 (https://github.com/helm/helm/releases)"
- "helm >= 3.0, <4.0.0 (https://github.com/helm/helm/releases)"
options:
chart_ref:
@@ -75,9 +75,10 @@ options:
skip_tls_certs_check:
description:
- Whether or not to check tls certificate for the chart download.
- Requires helm >= 3.3.0.
- Requires helm >= 3.3.0. Alias C(insecure_skip_tls_verify) added in 5.3.0.
type: bool
default: False
aliases: [ insecure_skip_tls_verify ]
chart_devel:
description:
- Use development versions, too. Equivalent to version '>0.0.0-0'.
@@ -88,6 +89,14 @@ options:
- if set to true, will untar the chart after downloading it.
type: bool
default: False
force:
description:
- Force download of the chart even if it already exists in the destination directory.
- By default, the module will skip downloading if the chart with the same version already exists for idempotency.
- When used with O(untar_chart=true), will remove any existing chart directory before extracting.
type: bool
default: False
version_added: 6.3.0
destination:
description:
- location to write the chart.
@@ -144,6 +153,23 @@ EXAMPLES = r"""
destination: /path/to/chart
username: myuser
password: mypassword123
- name: Download Chart (force re-download even if exists)
kubernetes.core.helm_pull:
chart_ref: redis
repo_url: https://charts.bitnami.com/bitnami
chart_version: '17.0.0'
destination: /path/to/chart
force: yes
- name: Download and untar chart (force re-extraction even if directory exists)
kubernetes.core.helm_pull:
chart_ref: redis
repo_url: https://charts.bitnami.com/bitnami
chart_version: '17.0.0'
destination: /path/to/chart
untar_chart: yes
force: yes
"""
RETURN = r"""
@@ -162,6 +188,11 @@ command:
description: Full `helm pull` command built by this module, in case you want to re-run the command outside the module or debug a problem.
returned: always
sample: helm pull --repo test ...
msg:
type: str
description: A message indicating the result of the operation.
returned: when chart already exists
sample: Chart redis version 17.0.0 already exists in destination directory
rc:
type: int
description: Helm pull command return code
@@ -169,6 +200,18 @@ rc:
sample: 1
"""
import os
import shutil
import tarfile
import uuid
try:
import yaml
HAS_YAML = True
except ImportError:
HAS_YAML = False
from ansible_collections.kubernetes.core.plugins.module_utils.helm import (
AnsibleHelmModule,
)
@@ -177,6 +220,115 @@ from ansible_collections.kubernetes.core.plugins.module_utils.version import (
)
def extract_chart_name(chart_ref):
"""
Extract chart name from chart reference.
Args:
chart_ref (str): Chart reference (name, URL, or OCI reference)
Returns:
str: Extracted chart name
"""
chart_name = chart_ref.split("/")[-1]
# Remove any query parameters or fragments from URL-based refs
if "?" in chart_name:
chart_name = chart_name.split("?")[0]
if "#" in chart_name:
chart_name = chart_name.split("#")[0]
# Remove .tgz extension if present
if chart_name.endswith(".tgz"):
chart_name = chart_name[:-4]
return chart_name
def chart_exists(destination, chart_ref, chart_version, untar_chart):
"""
Check if the chart already exists in the destination directory.
For untarred charts: check if directory exists with Chart.yaml matching version
For tarred charts: check if .tgz file exists and contains matching version
Args:
destination (str): Destination directory path
chart_ref (str): Chart reference (name or URL)
chart_version (str): Chart version to check for
untar_chart (bool): Whether to check for untarred or tarred chart
Returns:
bool: True if chart with matching version exists, False otherwise
"""
# YAML is required for version checking
if not HAS_YAML:
return False
# Without version, we can't reliably check
if not chart_version:
return False
# Extract chart name from chart_ref using shared helper
chart_name = extract_chart_name(chart_ref)
if untar_chart:
# Check for extracted directory
chart_dir = os.path.join(destination, chart_name)
chart_yaml_path = os.path.join(chart_dir, "Chart.yaml")
if os.path.isdir(chart_dir) and os.path.isfile(chart_yaml_path):
try:
with open(chart_yaml_path, "r", encoding="utf-8") as chart_file:
chart_metadata = yaml.safe_load(chart_file)
# Ensure chart_metadata is a dict and has a version that matches
if (
chart_metadata
and isinstance(chart_metadata, dict)
and chart_metadata.get("version") == chart_version
and chart_metadata.get("name") == chart_name
):
return True
except (yaml.YAMLError, IOError, OSError, TypeError):
# If we can't read or parse the file, treat as non-existent
pass
else:
# Check for .tgz file
chart_file = os.path.join(destination, f"{chart_name}-{chart_version}.tgz")
if os.path.isfile(chart_file):
try:
# Verify it's a valid tarball with matching version
with tarfile.open(chart_file, "r:gz") as tar:
# Try to extract Chart.yaml to verify version
# Look for Chart.yaml at the expected path: <chart-name>/Chart.yaml
expected_chart_yaml = f"{chart_name}/Chart.yaml"
try:
member = tar.getmember(expected_chart_yaml)
chart_yaml_file = tar.extractfile(member)
if chart_yaml_file:
try:
chart_metadata = yaml.safe_load(chart_yaml_file)
# Ensure chart_metadata is a dict and has a version that matches
if (
chart_metadata
and isinstance(chart_metadata, dict)
and chart_metadata.get("version") == chart_version
and chart_metadata.get("name") == chart_name
):
return True
except (yaml.YAMLError, TypeError):
# If we can't parse the YAML, treat as non-existent
pass
finally:
chart_yaml_file.close()
except KeyError:
# Chart.yaml not found at expected path
pass
except (tarfile.TarError, yaml.YAMLError, IOError, OSError, TypeError):
# If we can't read or parse the tarball, treat as non-existent
pass
return False
def main():
argspec = dict(
chart_ref=dict(type="str", required=True),
@@ -190,9 +342,12 @@ def main():
type="str", no_log=True, aliases=["password", "chart_repo_password"]
),
pass_credentials=dict(type="bool", default=False, no_log=False),
skip_tls_certs_check=dict(type="bool", default=False),
skip_tls_certs_check=dict(
type="bool", default=False, aliases=["insecure_skip_tls_verify"]
),
chart_devel=dict(type="bool"),
untar_chart=dict(type="bool", default=False),
force=dict(type="bool", default=False),
destination=dict(type="path", required=True),
chart_ca_cert=dict(type="path"),
chart_ssl_cert_file=dict(type="path"),
@@ -209,13 +364,10 @@ def main():
mutually_exclusive=[("chart_version", "chart_devel")],
)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
helm_version = module.get_helm_version()
if LooseVersion(helm_version) < LooseVersion("3.0.0"):
module.fail_json(
msg="This module requires helm >= 3.0.0, current version is {0}".format(
helm_version
)
)
helm_pull_opt_versionning = dict(
skip_tls_certs_check="3.3.0",
@@ -273,8 +425,72 @@ def main():
module.params.get("chart_ref"),
" ".join(helm_pull_opts),
)
# Check if chart already exists (idempotency)
if module.params.get("chart_version") and not module.params.get("force"):
chart_exists_locally = chart_exists(
module.params.get("destination"),
module.params.get("chart_ref"),
module.params.get("chart_version"),
module.params.get("untar_chart"),
)
if chart_exists_locally:
module.exit_json(
failed=False,
changed=False,
msg="Chart {0} version {1} already exists in destination directory".format(
module.params.get("chart_ref"), module.params.get("chart_version")
),
command="",
stdout="",
stderr="",
rc=0,
)
# When both untar_chart and force are enabled, we need to remove the existing chart directory
# BEFORE running helm pull to prevent helm's "directory already exists" error.
# We do this by:
# 1. Renaming the existing directory to a temporary name (if it exists)
# 2. Running helm pull
# 3. On success: remove the temporary directory
# 4. On failure: restore the temporary directory and report the error
chart_dir_renamed = False
chart_dir = None
chart_dir_backup = None
if module.params.get("untar_chart") and module.params.get("force"):
chart_name = extract_chart_name(module.params.get("chart_ref"))
chart_dir = os.path.join(module.params.get("destination"), chart_name)
# Check if directory exists and contains a Chart.yaml (to be safe)
if os.path.isdir(chart_dir):
chart_yaml_path = os.path.join(chart_dir, "Chart.yaml")
# Only rename if it looks like a Helm chart directory (have Chart.yaml)
if os.path.isfile(chart_yaml_path):
if not module.check_mode:
# Rename to temporary backup name using uuid for uniqueness
backup_suffix = uuid.uuid4().hex[:8]
chart_dir_backup = os.path.join(
module.params.get("destination"),
f".{chart_name}_backup_{backup_suffix}",
)
os.rename(chart_dir, chart_dir_backup)
chart_dir_renamed = True
if not module.check_mode:
rc, out, err = module.run_helm_command(helm_cmd_common, fails_on_error=False)
# Handle cleanup/restore based on helm command result
if chart_dir_renamed:
if rc == 0:
# Success: remove the backup directory
if os.path.isdir(chart_dir_backup):
shutil.rmtree(chart_dir_backup)
else:
# Failure: restore the backup directory
if os.path.isdir(chart_dir_backup) and not os.path.exists(chart_dir):
os.rename(chart_dir_backup, chart_dir)
else:
rc, out, err = (0, "", "")

16
plugins/modules/helm_registry_auth.py
View File

@@ -20,7 +20,7 @@ author:
- Yuriy Novostavskiy (@yurnov)
requirements:
- "helm (https://github.com/helm/helm/releases) => 3.8.0"
- "helm (https://github.com/helm/helm/releases) >= 3.8.0, <4.0.0"
description:
- Helm registry authentication module allows you to login C(helm registry login) and logout C(helm registry logout) from a Helm registry.
@@ -31,6 +31,7 @@ options:
- Desired state of the registry.
- If set to V(present) attempt to log in to the remote registry server using the URL specified in O(host).
- If set to V(absent) attempt to log out from the remote registry server using the URL specified in O(host).
- As helm >= 3.18.0 reports successful logout even if the user is not logged in, this module will report a change regardless of the current state.
required: false
default: present
choices: ['present', 'absent']
@@ -129,6 +130,9 @@ failed:
from ansible_collections.kubernetes.core.plugins.module_utils.helm import (
AnsibleHelmModule,
)
from ansible_collections.kubernetes.core.plugins.module_utils.version import (
LooseVersion,
)
def arg_spec():
@@ -190,6 +194,9 @@ def main():
supports_check_mode=True,
)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
changed = False
host = module.params.get("host")
@@ -231,6 +238,13 @@ def main():
command=helm_cmd,
)
helm_version = module.get_helm_version()
if LooseVersion(helm_version) >= LooseVersion("3.18.0") and state == "absent":
# https://github.com/ansible-collections/kubernetes.core/issues/944
module.warn(
"The helm_registry_auth is not idempotent with helm >= 3.18.0, always report a change."
)
module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd)

19
plugins/modules/helm_repository.py
View File

@@ -119,6 +119,13 @@ options:
aliases: [ force ]
default: False
version_added: 2.4.0
insecure_skip_tls_verify:
description:
- Skip tls certificate checks for the repository url.
type: bool
default: False
aliases: [ skip_tls_certs_check ]
version_added: "5.3.0"
"""
EXAMPLES = r"""
@@ -226,6 +233,7 @@ def install_repository(
repository_password,
pass_credentials,
force_update,
insecure_skip_tls_verify,
):
install_command = command + " repo add " + repository_name + " " + repository_url
@@ -239,6 +247,9 @@ def install_repository(
if force_update:
install_command += " --force-update"
if insecure_skip_tls_verify:
install_command += " --insecure-skip-tls-verify"
return install_command
@@ -262,6 +273,9 @@ def argument_spec():
),
pass_credentials=dict(type="bool", default=False, no_log=True),
force_update=dict(type="bool", default=False, aliases=["force"]),
insecure_skip_tls_verify=dict(
type="bool", default=False, aliases=["skip_tls_certs_check"]
),
)
)
return arg_spec
@@ -281,6 +295,9 @@ def main():
if not IMP_YAML:
module.fail_json(msg=missing_required_lib("yaml"), exception=IMP_YAML_ERR)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
changed = False
repo_name = module.params.get("repo_name")
@@ -290,6 +307,7 @@ def main():
repo_state = module.params.get("repo_state")
pass_credentials = module.params.get("pass_credentials")
force_update = module.params.get("force_update")
insecure_skip_tls_verify = module.params.get("insecure_skip_tls_verify")
helm_cmd = module.get_helm_binary()
@@ -308,6 +326,7 @@ def main():
repo_password,
pass_credentials,
force_update,
insecure_skip_tls_verify,
)
changed = True
elif repository_status["url"] != repo_url:

3
plugins/modules/helm_template.py
View File

@@ -331,6 +331,9 @@ def main():
if not IMP_YAML:
module.fail_json(msg=missing_required_lib("yaml"), exception=IMP_YAML_ERR)
# Validate Helm version >=3.0.0,<4.0.0
module.validate_helm_version()
helm_cmd = module.get_helm_binary()
if update_repo_cache:

54
plugins/modules/k8s.py
View File

@@ -383,28 +383,24 @@ result:
contains:
api_version:
description: The versioned schema of this representation of an object.
returned: success
returned: when O(resource_definition) or O(src) contains a single object.
type: str
kind:
description: Represents the REST resource this object represents.
returned: success
returned: when O(resource_definition) or O(src) contains a single object.
type: str
metadata:
description: Standard object metadata. Includes name, namespace, annotations, labels, etc.
returned: success
returned: when O(resource_definition) or O(src) contains a single object.
type: complex
spec:
description: Specific attributes of the object. Will vary based on the I(api_version) and I(kind).
returned: success
returned: when O(resource_definition) or O(src) contains a single object.
type: complex
status:
description: Current status details for the object.
returned: success
returned: when O(resource_definition) or O(src) contains a single object.
type: complex
items:
description: Returned only when multiple yaml documents are passed to src or resource_definition
returned: when resource_definition or src contains list of objects
type: list
duration:
description: elapsed time of task in seconds
returned: when C(wait) is true
@@ -414,6 +410,46 @@ result:
description: error while trying to create/delete the object.
returned: error
type: complex
results:
description: An array of created, patched, or otherwise present objects.
returned: when O(resource_definition) or O(src) contains a list of objects.
type: complex
contains:
api_version:
description: The versioned schema of this representation of an object.
returned: when O(resource_definition) or O(src) contains a single object.
type: str
kind:
description: Represents the REST resource this object represents.
returned: when O(resource_definition) or O(src) contains a single object.
type: str
metadata:
description: Standard object metadata. Includes name, namespace, annotations, labels, etc.
returned: when O(resource_definition) or O(src) contains a single object.
type: complex
spec:
description: Specific attributes of the object. Will vary based on the I(api_version) and I(kind).
returned: when O(resource_definition) or O(src) contains a single object.
type: complex
status:
description: Current status details for the object.
returned: when O(resource_definition) or O(src) contains a single object.
type: complex
duration:
description: elapsed time of task in seconds
returned: when C(wait) is true
type: int
sample: 48
error:
description: error while trying to create/delete the object.
returned: error
type: complex
method:
description:
- The method used to deploy the resource.
returned: success
type: str
sample: create
"""
import copy

1
plugins/modules/k8s_cp.py
View File

@@ -79,6 +79,7 @@ options:
notes:
- the tar binary is required on the container when copying from local filesystem to pod.
- the (init) container has to be started before you copy files or directories to it.
"""
EXAMPLES = r"""

3
plugins/modules/k8s_drain.py
View File

@@ -441,7 +441,8 @@ class K8sDrainAnsible(object):
warnings.append(warn)
result.append("{0} Pod(s) deleted from node.".format(number_pod))
if warnings:
return dict(result=" ".join(result), warnings=warnings)
for warning in warnings:
self._module.warn(warning)
return dict(result=" ".join(result))
def patch_node(self, unschedulable):

15
plugins/modules/k8s_info.py
View File

@@ -120,6 +120,21 @@ EXAMPLES = r"""
namespace: default
wait_sleep: 10
wait_timeout: 360
- name: Wait for OpenShift bootstrap to complete
kubernetes.core.k8s_info:
api_version: v1
kind: ConfigMap
name: bootstrap
namespace: kube-system
register: ocp_bootstrap_status
until: >
ocp_bootstrap_status.resources is defined and
(ocp_bootstrap_status.resources | length > 0) and
(ocp_bootstrap_status.resources[0].data.status is defined) and
(ocp_bootstrap_status.resources[0].data.status == 'complete')
retries: 60
delay: 15
"""
RETURN = r"""

4
plugins/modules/k8s_rollback.py
View File

@@ -168,7 +168,9 @@ def perform_action(svc, resource):
module.params["kind"],
resource["metadata"]["name"],
)
result = {"changed": False, "warnings": [warn]}
if warn:
module.warn(warn)
result = {"changed": False}
return result
if module.params["kind"] == "Deployment":

6
plugins/modules/k8s_scale.py
View File

@@ -243,10 +243,12 @@ def execute_module(client, module):
module.fail_json(msg=error, **return_attributes)
def _continue_or_exit(warn):
if warn:
module.warn(warn)
if multiple_scale:
return_attributes["results"].append({"warning": warn, "changed": False})
return_attributes["results"].append({"changed": False})
else:
module.exit_json(warning=warn, **return_attributes)
module.exit_json(**return_attributes)
for existing in existing_items:
if kind.lower() == "job":

3
tests/integration/targets/helm/defaults/main.yml
View File

@@ -3,6 +3,7 @@ helm_default_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}
helm_binary: "/tmp/helm/{{ ansible_system | lower }}-amd64/helm"
chart_test: "ingress-nginx"
chart_test_oci: "oci://registry-1.docker.io/bitnamicharts/redis"
chart_test_local_path: "nginx-ingress"
chart_test_version: 4.2.4
chart_test_version_local_path: 1.32.0
@@ -26,3 +27,5 @@ test_namespace:
- "helm-from-url"
- "helm-reuse-values"
- "helm-chart-with-space-into-name"
- "helm-reset-then-reuse-values"
- "helm-insecure"

5
tests/integration/targets/helm/tasks/main.yml
View File

@@ -4,4 +4,7 @@
loop_control:
loop_var: helm_version
with_items:
- "v3.8.0"
- "v3.15.4"
- "v3.16.0"
- "v3.17.0"
- "v4.0.0"

32
tests/integration/targets/helm/tasks/run_test.yml
View File

@@ -13,10 +13,15 @@
include_role:
name: install_helm
- name: "Ensure we honor the environment variables"
include_tasks: test_read_envvars.yml
- name: Main helm tests with Helm v3
when: helm_version != "v4.0.0"
block:
- name: Deploy charts
- name: "Ensure we honor the environment variables"
include_tasks: test_read_envvars.yml
when: helm_version != "v4.0.0"
- name: Deploy charts
include_tasks: "tests_chart/{{ test_chart_type }}.yml"
loop_control:
loop_var: test_chart_type
@@ -25,22 +30,31 @@
- from_repository
- from_url
- name: test helm upgrade with reuse_values
- name: test helm upgrade with reuse_values
include_tasks: test_helm_reuse_values.yml
- name: test helm dependency update
- name: test helm upgrade with reset_then_reuse_values
include_tasks: test_helm_reset_then_reuse_values.yml
- name: test helm dependency update
include_tasks: test_up_dep.yml
- name: Test helm uninstall
- name: Test helm uninstall
include_tasks: test_helm_uninstall.yml
- name: Test helm install with chart name containing space
- name: Test helm install with chart name containing space
include_tasks: test_helm_with_space_into_chart_name.yml
# https://github.com/ansible-collections/community.kubernetes/issues/296
- name: Test Skip CRDS feature in helm chart install
# https://github.com/ansible-collections/community.kubernetes/issues/296
- name: Test Skip CRDS feature in helm chart install
include_tasks: test_crds.yml
- name: Test insecure registry flag feature
include_tasks: test_helm_insecure.yml
- name: Test helm version
include_tasks: test_helm_version.yml
- name: Clean helm install
file:
path: "{{ item }}"

11
tests/integration/targets/helm/tasks/test_crds.yml
View File

@@ -3,12 +3,23 @@
vars:
test_chart: "test-crds"
helm_namespace: "{{ test_namespace[0] }}"
helm_binary: helm
block:
- name: Create namespace
k8s:
kind: Namespace
name: "{{ helm_namespace }}"
- name: Check if CRD resource is already present
k8s_info:
namespace: default
kind: Foo
api_version: ansible.com/v1
ignore_errors: true
register: crd_check
- when: crd_check is failed
block:
- name: Copy test chart
copy:
src: "{{ test_chart }}"

52
tests/integration/targets/helm/tasks/test_helm_insecure.yml Normal file
View File

@@ -0,0 +1,52 @@
---
- name: Test helm insecure
vars:
helm_namespace: "{{ test_namespace[12] }}"
block:
- name: Initial chart installation (no flag set)
helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ chart_test_oci }}"
release_name: test-secure
release_namespace: "{{ helm_namespace }}"
create_namespace: true
register: install
- name: Validate that insecure flag is not set
assert:
that:
- install is changed
- '"--insecure-skip-tls-verify" not in install.command'
- name: Initial chart installation (insecure flag set)
helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ chart_test_oci }}"
release_name: test-insecure
release_namespace: "{{ helm_namespace }}"
insecure_skip_tls_verify: true
register: install
ignore_errors: true
- name: Validate that insecure flag IS set if helm version is >= 3.16.0
assert:
that:
- install is changed
- '"--insecure-skip-tls-verify" in install.command'
when: '"v3.16.0" <= helm_version'
- name: Validate that feature fails for helm < 3.16.0
assert:
that:
- install is failed
- '"insecure_skip_tls_verify requires helm >= 3.16.0" in install.msg'
when: 'helm_version < "v3.16.0"'
always:
- name: Remove helm namespace
k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent

8
tests/integration/targets/helm/tasks/test_helm_not_installed.yml
View File

@@ -13,3 +13,11 @@
that:
- helm_missing_binary is failed
- "'No such file or directory' in helm_missing_binary.msg"
when: ansible_version.full is version('2.20', '<')
- name: Assert that helm is not installed (ansible 2.20+)
assert:
that:
- helm_missing_binary is failed
- "'Error executing command' in helm_missing_binary.msg"
when: ansible_version.full is version('2.20', '>=')

75
tests/integration/targets/helm/tasks/test_helm_reset_then_reuse_values.yml Normal file
View File

@@ -0,0 +1,75 @@
---
- name: Test helm reset_then_reuse_values
vars:
helm_namespace: "{{ test_namespace[11] }}"
chart_release_values:
replica:
replicaCount: 3
master:
count: 1
kind: Deployment
chart_reset_then_reuse_values:
replica:
replicaCount: 1
master:
count: 3
block:
- name: Initial chart installation
helm:
binary_path: "{{ helm_binary }}"
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
create_namespace: true
release_values: "{{ chart_release_values }}"
register: install
- name: Get value set as string
helm_info:
binary_path: "{{ helm_binary }}"
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
register: release_value
- name: Validate that chart values are as expected
assert:
that:
- install is changed
- '"--reset-then-reuse-values" not in install.command'
- release_value["status"]["release_values"] == chart_release_values
- name: Upgrade chart using reset_then_reuse_values=true
helm:
binary_path: "{{ helm_binary }}"
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
reuse_values: false
reset_values: false
reset_then_reuse_values: true
release_values: "{{ chart_reset_then_reuse_values }}"
register: upgrade
- name: Get value set as string
helm_info:
binary_path: "{{ helm_binary }}"
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
register: release_value
- name: Validate that chart values are as expected
assert:
that:
- upgrade is changed
- '"--reset-then-reuse-values" in upgrade.command'
- '"--reuse-values " not in upgrade.command'
- '"--reset-values" not in upgrade.command'
- release_value["status"]["release_values"] == chart_release_values | combine(chart_reset_then_reuse_values, recursive=true)
always:
- name: Remove helm namespace
k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent

4
tests/integration/targets/helm/tasks/test_helm_reuse_values.yml
View File

@@ -36,7 +36,7 @@
that:
- install is changed
- '"--reuse-values=True" not in install.command'
- release_value["status"]["values"] == chart_release_values
- release_value["status"]["release_values"] == chart_release_values
- name: Upgrade chart using reuse_values=true
helm:
@@ -62,7 +62,7 @@
- upgrade is changed
- '"--reuse-values=True" in upgrade.command'
- '"--reset-values" not in upgrade.command'
- release_value["status"]["values"] == chart_release_values | combine(chart_reuse_values, recursive=true)
- release_value["status"]["release_values"] == chart_release_values | combine(chart_reuse_values, recursive=true)
always:
- name: Remove helm namespace

47
tests/integration/targets/helm/tasks/test_helm_version.yml Normal file
View File

@@ -0,0 +1,47 @@
---
- name: Test helm reuse_values
vars:
helm_namespace: "{{ test_namespace[12] }}"
chart_release_values:
replica:
replicaCount: 3
master:
count: 1
kind: Deployment
chart_reuse_values:
replica:
replicaCount: 1
master:
count: 3
block:
- name: Initial chart installation
helm:
binary_path: "{{ helm_binary }}"
chart_ref: oci://registry-1.docker.io/bitnamicharts/redis
release_name: test-redis
release_namespace: "{{ helm_namespace }}"
create_namespace: true
release_values: "{{ chart_release_values }}"
register: install
ignore_errors: true
when: helm_version == "v4.0.0"
- name: Debug install result
debug:
var: install
when: helm_version == "v4.0.0"
- name: Ensure helm installation was failed for v4.0.0
assert:
that:
- install is failed
- "'Helm version must be >=3.0.0,<4.0.0' in install.msg"
when: helm_version == "v4.0.0"
always:
- name: Remove helm namespace
k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent

14
tests/integration/targets/helm/tasks/tests_chart.yml
View File

@@ -57,7 +57,7 @@
that:
- install_check_mode is changed
- install_check_mode.status is defined
- install_check_mode.status.values is defined
- install_check_mode.status.release_values is defined
- name: "Install {{ chart_test }} from {{ source }}"
helm:
@@ -131,7 +131,7 @@
- install is changed
- install.status.status | lower == 'deployed'
- install.status.chart == chart_test+"-"+chart_test_version
- "install.status['values'].revisionHistoryLimit == 0"
- "install.status['release_values'].revisionHistoryLimit == 0"
- name: Check idempotency after adding vars
helm:
@@ -149,7 +149,7 @@
- install is not changed
- install.status.status | lower == 'deployed'
- install.status.chart == chart_test+"-"+chart_test_version
- "install.status['values'].revisionHistoryLimit == 0"
- "install.status['release_values'].revisionHistoryLimit == 0"
- name: "Remove Vars to {{ chart_test }} from {{ source }}"
helm:
@@ -166,7 +166,7 @@
- install is changed
- install.status.status | lower == 'deployed'
- install.status.chart == chart_test+"-"+chart_test_version
- install.status['values'] == {}
- install.status['release_values'] == {}
- name: Check idempotency after removing vars
helm:
@@ -183,7 +183,7 @@
- install is not changed
- install.status.status | lower == 'deployed'
- install.status.chart == chart_test+"-"+chart_test_version
- install.status['values'] == {}
- install.status['release_values'] == {}
- name: "Upgrade {{ chart_test }} from {{ source }}"
helm:
@@ -317,7 +317,7 @@
- install is changed
- install.status.status | lower == 'deployed'
- install.status.chart == chart_test+"-"+chart_test_version
- "install.status['values'].revisionHistoryLimit == 0"
- "install.status['release_values'].revisionHistoryLimit == 0"
- name: "Install {{ chart_test }} from {{ source }} with values_files (again)"
helm:
@@ -402,7 +402,7 @@
namespace: "{{ helm_namespace }}"
create_namespace: true
context: does-not-exist
ignore_errors: yes
ignore_errors: true
register: result
- name: Assert that release fails with non-existent context

4
tests/integration/targets/helm_diff/tasks/main.yml
View File

@@ -10,7 +10,7 @@
binary_path: "{{ helm_binary }}"
state: present
plugin_path: https://github.com/databus23/helm-diff
plugin_version: 3.4.0
plugin_version: 3.9.13
- name: Copy test chart
copy:
@@ -324,3 +324,5 @@
ignore_errors: true
- include_tasks: reuse_values.yml
- include_tasks: reset_then_reuse_values.yml

189
tests/integration/targets/helm_diff/tasks/reset_then_reuse_values.yml Normal file
View File

@@ -0,0 +1,189 @@
---
- name: Create temporary directory for helm chart
tempfile:
suffix: .helm
state: directory
register: helm_dir
- name: Test helm diff functionality
vars:
test_chart_path: "{{ helm_dir.path }}/test-chart-reuse-values"
test_release_name: "myrelease"
block:
- name: Install helm diff
kubernetes.core.helm_plugin:
binary_path: "{{ helm_binary }}"
state: present
plugin_path: https://github.com/databus23/helm-diff
plugin_version: 3.9.14
- name: Copy test chart
ansible.builtin.copy:
src: "test-chart-reuse-values"
dest: "{{ helm_dir.path }}"
- name: Delete existing namespace
kubernetes.core.k8s:
state: absent
wait: true
kind: Namespace
name: "{{ helm_namespace }}"
ignore_errors: true
- name: Create helm release
kubernetes.core.helm:
state: present
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
create_namespace: true
release_values:
ansible_version: devel
phase: ci
wait: true
- name: Upgrade helm release (reset_values=false and reuse_values=false and reset_then_reuse_values=true)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reset_values: false
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: devel
register: helm_upgrade
- name: Ensure task did not reported change
assert:
that:
- helm_upgrade is not changed
- name: Upgrade helm release (reset_then_reuse_values=true with default value for reset_values and reuse_values=false)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: devel
register: helm_upgrade
- name: Ensure task reported change
assert:
that:
- helm_upgrade is changed
# Delete helm and helm diff to install older version
- name: Uninstall helm diff
helm_plugin:
binary_path: "{{ helm_binary }}"
state: absent
plugin_name: diff
ignore_errors: true
- name: Delete Helm folders
file:
path: /tmp/helm/
state: absent
- name: Init Helm folders
file:
path: /tmp/helm
state: directory
- name: Set Helm old version
set_fact:
helm_archive_name: "helm-v3.8.0-linux-amd64.tar.gz"
helm_diff_old_version: "3.8.0"
- name: Unarchive Helm binary
unarchive:
src: "https://get.helm.sh/{{ helm_archive_name | default(helm_default_archive_name) }}"
dest: /tmp/helm/
remote_src: yes
retries: 10
delay: 5
register: result
until: result is not failed
- name: Upgrade helm release (with reset_then_reuse_values=true)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: test
register: helm_upgrade
ignore_errors: true
- name: Debug
debug:
var: helm_upgrade
- name: Ensure warning for Helm version
assert:
that:
- helm_upgrade is failed
- '"reset_then_reuse_values requires helm >= 3.14.0, current version is" in helm_upgrade.msg'
- name: Install helm diff
helm_plugin:
binary_path: "{{ helm_binary }}"
state: present
plugin_path: https://github.com/databus23/helm-diff
plugin_version: "{{ helm_diff_old_version }}"
- name: Upgrade helm release (with reset_then_reuse_values=true)
kubernetes.core.helm:
binary_path: "{{ helm_binary }}"
chart_ref: "{{ test_chart_path }}"
reuse_values: false
reset_then_reuse_values: true
release_name: "{{ test_release_name }}"
release_namespace: "{{ helm_namespace }}"
values:
ansible_version: devel
register: helm_upgrade
ignore_errors: true
- name: Debug
debug:
var: helm_upgrade
- name: Ensure warning for Helm Diff version
assert:
that:
- helm_upgrade is failed
- '"reset_then_reuse_values requires helm diff >= 3.9.12, current version is" in helm_upgrade.msg'
always:
- name: Remove temporary directory
file:
path: "{{ helm_dir.path }}"
state: absent
ignore_errors: true
- name: Uninstall helm diff
kubernetes.core.helm_plugin:
binary_path: "{{ helm_binary }}"
state: absent
plugin_name: diff
ignore_errors: true
- name: Remove helm namespace
kubernetes.core.k8s:
api_version: v1
kind: Namespace
name: "{{ helm_namespace }}"
state: absent
wait: true
ignore_errors: true

1
tests/integration/targets/helm_diff/tasks/reuse_values.yml
View File

@@ -90,4 +90,5 @@
kind: Namespace
name: "{{ helm_namespace }}"
state: absent
wait: true
ignore_errors: true

97
tests/integration/targets/helm_pull/tasks/main.yml
View File

@@ -47,7 +47,7 @@
assert:
that:
- _result is failed
- _result.msg == "This module requires helm >= 3.0.0, current version is 2.3.0"
- _result.msg == "Helm version must be >=3.0.0,<4.0.0, current version is 2.3.0"
vars:
helm_path: "{{ temp_dir }}/2.3.0/linux-amd64/helm"
@@ -221,6 +221,101 @@
- _chart.stat.exists
- _chart.stat.isdir
# Test idempotency with tarred chart
- name: Download chart with version (first time)
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}"
chart_version: "24.1.0"
register: _result_first
- name: Download chart with version (second time - should be idempotent)
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}"
chart_version: "24.1.0"
register: _result_second
- name: Validate idempotency for tarred chart
assert:
that:
- _result_first is changed
- _result_second is not changed
# Test force parameter with tarred chart
- name: Download chart with force=true (should always download)
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}"
chart_version: "24.1.0"
force: true
register: _result_force
- name: Validate force parameter causes download
assert:
that:
- _result_force is changed
# Test idempotency with untarred chart in the separate folder
- name: Create separate directory for untar test under {{ temp_dir }}
ansible.builtin.file:
path: "{{ destination }}/untar_test"
state: directory
mode: '0755'
- name: Download and untar chart (first time)
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}/untar_test"
chart_version: "24.0.0"
untar_chart: true
register: _result_untar_first
- name: Download and untar chart (second time - should be idempotent)
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}/untar_test"
chart_version: "24.0.0"
untar_chart: true
register: _result_untar_second
- name: Validate idempotency for untarred chart
assert:
that:
- _result_untar_first is changed
- _result_untar_second is not changed
- name: Download and untar chart with force=true (should remove existing directory and re-extract)
helm_pull:
binary_path: "{{ helm_path }}"
chart_ref: "oci://registry-1.docker.io/bitnamicharts/redis"
destination: "{{ destination }}/untar_test"
chart_version: "24.0.0"
untar_chart: true
force: true
register: _result_untar_force
- name: Validate first force extraction works
assert:
that:
- _result_untar_force is changed
- name: Verify chart directory still exists after force re-extraction
stat:
path: "{{ destination }}/untar_test/redis"
register: _chart_after_force
- name: Validate chart directory exists
assert:
that:
- _chart_after_force.stat.exists
- _chart_after_force.stat.isdir
vars:
helm_path: "{{ temp_dir }}/3.8.0/linux-amd64/helm"

10
tests/integration/targets/helm_registry_auth/tasks/main.yaml
View File

@@ -108,6 +108,10 @@
assert:
that: "'Removing login credentials' in _helm_registry_auth_logout.stderr"
- name: Test idempotency of logout with helm < 3.18.0
when: _helm_version.stdout is ansible.builtin.version('v3.18.0', '<')
block:
- name: Test logout idempotency
helm_registry_auth:
host: localhost:{{ registry_port }}
@@ -133,8 +137,7 @@
# Helm binary prints the message to stderr
ansible.builtin.assert:
that:
- "'push access denied' in _save_chart.stderr"
- "'authorization failed' in _save_chart.stderr"
- "'push access denied' in _save_chart.stderr or 'basic credential not found' in _save_chart.stderr"
- "_save_chart.rc != 0"
- "'localhost:{{ registry_port }}' not in _config_json.content | b64decode"
@@ -155,7 +158,8 @@
- name: Assert that the registry is not logged in and auth data is not saved
ansible.builtin.assert:
that:
- "'401 Unauthorized' in _helm_registry_auth_wrong.stderr"
- "'401' in _helm_registry_auth_wrong.stderr"
- "'unauthorized' in _helm_registry_auth_wrong.stderr | lower"
- "'{{ wrong_password }}' not in _helm_registry_auth_correct.command"
- "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout"
- "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr"

2
tests/integration/targets/helm_repository/meta/main.yml
View File

@@ -1,3 +1,5 @@
---
collections:
- kubernetes.core
dependencies:
- install_helm

21
tests/integration/targets/helm_repository/tasks/main.yml
View File

@@ -16,6 +16,7 @@
assert:
that:
- repository is changed
- '"--insecure-skip-tls-verify" not in repository.command'
- name: Check idempotency
helm_repository:
@@ -78,3 +79,23 @@
assert:
that:
- repository is not changed
- name: Add test_helm_repo chart repository as insecure
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_helm_repo
repo_url: "{{ chart_test_repo }}"
insecure_skip_tls_verify: true
register: repository
- name: Assert that repository added and flag set
assert:
that:
- repository is changed
- '"--insecure-skip-tls-verify" in repository.command'
- name: Clean test_helm_repo chart repository
helm_repository:
binary_path: "{{ helm_binary }}"
name: test_helm_repo
state: absent

20
tests/integration/targets/helm_set_values/tasks/main.yml
View File

@@ -20,10 +20,10 @@
- name: Assert that release was created with user-defined variables
assert:
that:
- '"phase" in user_values.status["values"]'
- '"versioned" in user_values.status["values"]'
- user_values.status["values"]["phase"] == "integration"
- user_values.status["values"]["versioned"] is false
- '"phase" in user_values.status["release_values"]'
- '"versioned" in user_values.status["release_values"]'
- user_values.status["release_values"]["phase"] == "integration"
- user_values.status["release_values"]["versioned"] is false
# install chart using set_values and release_values
- name: Install helm binary (> 3.10.0) requires to use set-json
@@ -55,10 +55,10 @@
- name: Assert that release was created with user-defined variables
assert:
that:
- values.status["values"].replicaCount == 3
- values.status["values"].master.image.registry == "docker.io"
- values.status["values"].master.image.repository == "bitnami/apache"
- values.status["values"].master.image.tag == "2.4.54-debian-11-r74"
- values.status["release_values"].replicaCount == 3
- values.status["release_values"].master.image.registry == "docker.io"
- values.status["release_values"].master.image.repository == "bitnami/apache"
- values.status["release_values"].master.image.tag == "2.4.54-debian-11-r74"
# install chart using set_values and values_files
- name: create temporary file to save values in
@@ -96,8 +96,8 @@
- name: Assert that release was created with user-defined variables
assert:
that:
- values.status["values"].mode == "distributed"
- values.status["values"].disableWebUI is true
- values.status["release_values"].mode == "distributed"
- values.status["release_values"].disableWebUI is true
always:
- name: Delete temporary file

2
tests/integration/targets/install_helm/defaults/main.yml
View File

@@ -1,4 +1,4 @@
---
helm_version: v3.8.0
helm_version: v3.16.4
helm_install_path: /tmp/helm
helm_default_archive_name: "helm-{{ helm_version }}-{{ ansible_system | lower }}-amd64.tar.gz"

38
tests/integration/targets/k8s_apply/defaults/main.yml
View File

@@ -1,42 +1,4 @@
---
k8s_pod_metadata:
labels:
app: "{{ k8s_pod_name }}"
k8s_pod_spec:
serviceAccount: "{{ k8s_pod_service_account }}"
containers:
- image: "{{ k8s_pod_image }}"
imagePullPolicy: Always
name: "{{ k8s_pod_name }}"
command: "{{ k8s_pod_command }}"
readinessProbe:
initialDelaySeconds: 15
exec:
command:
- /bin/true
resources: "{{ k8s_pod_resources }}"
ports: "{{ k8s_pod_ports }}"
env: "{{ k8s_pod_env }}"
k8s_pod_service_account: default
k8s_pod_resources:
limits:
cpu: "100m"
memory: "100Mi"
k8s_pod_command: []
k8s_pod_ports: []
k8s_pod_env: []
k8s_pod_template:
metadata: "{{ k8s_pod_metadata }}"
spec: "{{ k8s_pod_spec }}"
test_namespace: "apply"
k8s_wait_timeout: 240

131
tests/integration/targets/k8s_apply/tasks/main.yml
View File

@@ -26,7 +26,8 @@
assert:
that:
- k8s_configmap is changed
- k8s_configmap.result.metadata.annotations|default(False)
- '"annotations" in k8s_configmap.result.metadata'
- k8s_configmap.result.metadata.annotations != {}
- name: Add same configmap again
k8s:
@@ -291,36 +292,34 @@
- name: Add a deployment
k8s:
namespace: "{{ test_namespace }}"
definition:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: apply-deploy
namespace: "{{ test_namespace }}"
labels:
app: apply-deploy
spec:
replicas: 1
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
app: apply-deploy
template:
metadata:
labels:
app: apply-deploy
spec:
serviceAccount: apply-deploy
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
wait: yes
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
apply: yes
vars:
k8s_pod_name: apply-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:v0.10.0-green
k8s_pod_service_account: apply-deploy
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
k8s_pod_resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
- name: Update the earlier deployment in check mode
k8s:
@@ -334,33 +333,29 @@
replicas: 1
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
app: apply-deploy
template:
metadata:
labels:
app: apply-deploy
spec:
serviceAccount: apply-deploy
containers:
- name: nginx-2
image: nginx:latest
ports:
- containerPort: 80
wait: yes
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
apply: yes
check_mode: yes
vars:
k8s_pod_name: apply-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:v0.10.0-purple
k8s_pod_service_account: apply-deploy
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
k8s_pod_resources:
requests:
cpu: 50m
limits:
cpu: 50m
memory: 50Mi
register: update_deploy_check_mode
- name: Ensure check mode change took
assert:
that:
- update_deploy_check_mode is changed
- "update_deploy_check_mode.result.spec.template.spec.containers[0].image == 'gcr.io/kuar-demo/kuard-amd64:v0.10.0-purple'"
- "update_deploy_check_mode.result.spec.template.spec.containers[0].name == 'nginx-2'"
- name: Update the earlier deployment
k8s:
@@ -374,32 +369,28 @@
replicas: 1
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
app: apply-deploy
template:
metadata:
labels:
app: apply-deploy
spec:
serviceAccount: apply-deploy
containers:
- name: nginx-2
image: nginx:latest
ports:
- containerPort: 80
wait: yes
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
apply: yes
vars:
k8s_pod_name: apply-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:v0.10.0-purple
k8s_pod_service_account: apply-deploy
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
k8s_pod_resources:
requests:
cpu: 50m
limits:
cpu: 50m
memory: 50Mi
register: update_deploy_for_real
- name: Ensure change took
assert:
that:
- update_deploy_for_real is changed
- "update_deploy_for_real.result.spec.template.spec.containers[0].image == 'gcr.io/kuar-demo/kuard-amd64:v0.10.0-purple'"
- "update_deploy_for_real.result.spec.template.spec.containers[0].name == 'nginx-2'"
- name: Remove the serviceaccount
k8s:
@@ -423,27 +414,23 @@
replicas: 1
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
app: apply-deploy
template:
metadata:
labels:
app: apply-deploy
spec:
serviceAccount: apply-deploy
containers:
- name: nginx-3
image: nginx:latest
ports:
- containerPort: 80
wait: yes
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
apply: yes
vars:
k8s_pod_name: apply-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:v0.10.0-green
k8s_pod_service_account: apply-deploy
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
k8s_pod_resources:
requests:
cpu: 50m
limits:
cpu: 50m
memory: 50Mi
ignore_errors: true
register: deploy_after_serviceaccount_removal
ignore_errors: yes
- name: Ensure that updating deployment after service account removal failed
assert:
@@ -467,7 +454,7 @@
assert:
that:
- k8s_secret is changed
- k8s_secret.result.data.foo
- k8s_secret.result.data.foo != ""
- name: Add same secret
k8s:
@@ -748,7 +735,7 @@
assert:
that:
- _create is changed
- not _info.resources
- _info.resources | length == 0
# server side apply over kubernetes client releases
- name: Create temporary directory

6
tests/integration/targets/k8s_copy/defaults/main.yml
View File

@@ -14,3 +14,9 @@ pod_with_two_container:
pod_without_executable_find:
name: openjdk-pod
pod_with_initcontainer_and_container:
name: pod-copy-2
container:
- container-20
- container-21

18
tests/integration/targets/k8s_copy/tasks/main.yml
View File

@@ -18,6 +18,23 @@
wait: yes
template: pods_definition.j2
- name: Create Init Pod
k8s:
namespace: '{{ copy_namespace }}'
template: pods_definition_init.j2
- kubernetes.core.k8s_info:
api_version: v1
kind: Pod
name: '{{ pod_with_initcontainer_and_container.name }}'
namespace: '{{ copy_namespace }}'
register: init_pod_status
until: >-
init_pod_status.resources|length > 0
and 'initContainerStatuses' in init_pod_status.resources.0.status
and init_pod_status.resources.0.status.initContainerStatuses|length > 0
and init_pod_status.resources.0.status.initContainerStatuses.0.started|bool
- include_tasks: test_copy_errors.yml
- include_tasks: test_check_mode.yml
- include_tasks: test_copy_file.yml
@@ -25,6 +42,7 @@
- include_tasks: test_copy_directory.yml
- include_tasks: test_copy_large_file.yml
- include_tasks: test_copy_item_with_space_in_its_name.yml
- include_tasks: test_init_container_pod.yml
always:

12
tests/integration/targets/k8s_copy/tasks/test_copy_directory.yml
View File

@@ -69,12 +69,14 @@
ignore_errors: true
register: _result
- name: Validate that 'find' executable is missing from Pod
assert:
that:
- _result is failed
fail_msg: "Pod contains 'find' executable, therefore we cannot run the next tasks."
# - name: Validate that 'find' executable is missing from Pod
# assert:
# that:
# - _result is failed
# fail_msg: "Pod contains 'find' executable, therefore we cannot run the next tasks."
- name: Copy directory into Pod without 'find' executable
block:
- name: Copy files into container
k8s_cp:
namespace: "{{ copy_namespace }}"

18
tests/integration/targets/k8s_copy/tasks/test_copy_errors.yml
View File

@@ -67,3 +67,21 @@
that:
- copy_fake_container is failed
- copy_fake_container.msg == "Pod has no container this_is_a_fake_container"
# copy file to not started container in pod should fail
- name: copy file to not started container in pod should fail
k8s_cp:
namespace: '{{ copy_namespace }}'
pod: '{{ pod_with_initcontainer_and_container.name }}'
remote_path: /tmp
local_path: files/simple_file.txt
state: to_pod
container: '{{ pod_with_initcontainer_and_container.container[1] }}'
ignore_errors: true
register: copy_not_started_container
- name: check that error message is as expected
assert:
that:
- copy_not_started_container is failed
- copy_not_started_container.msg == "Pod container {{ pod_with_initcontainer_and_container.container[1] }} is not started"

10
tests/integration/targets/k8s_copy/tasks/test_copy_large_file.yml
View File

@@ -10,9 +10,13 @@
path: "{{ test_directory }}"
state: directory
- name: Create a large text file
ansible.builtin.shell:
cmd: base64 /dev/random | head -c 150M > {{ test_directory }}/large_text_file.txt
- name: Create a text file with specific content
ansible.builtin.copy:
dest: "{{ test_directory }}/large_text_file.txt"
content: |
This is a large text file
{{ 'Repeat this line 1000 times\n' * 1000 }}
mode: '0644'
- name: Create a large binary file
ansible.builtin.command:

25
tests/integration/targets/k8s_copy/tasks/test_init_container_pod.yml Normal file
View File

@@ -0,0 +1,25 @@
---
- set_fact:
random_content: "{{ lookup('password', '/dev/null chars=ascii_lowercase,digits,punctuation length=128') }}"
- name: Copy content into init container
k8s_cp:
namespace: '{{ copy_namespace }}'
pod: '{{ pod_with_initcontainer_and_container.name }}'
remote_path: /file_from_localhost.txt
content: '{{ random_content }}'
container: '{{ pod_with_initcontainer_and_container.container[0] }}'
state: to_pod
- name: Get the content from copied file
kubernetes.core.k8s_exec:
namespace: '{{ copy_namespace }}'
pod: '{{ pod_with_initcontainer_and_container.name }}'
container: '{{ pod_with_initcontainer_and_container.container[0] }}'
command: cat /file_from_localhost.txt
register: exec_out
- name: check that content is found and the same as generated earlier
assert:
that:
- exec_out.stdout == random_content

10
tests/integration/targets/k8s_copy/templates/pods_definition.j2
View File

@@ -6,7 +6,7 @@ metadata:
spec:
containers:
- name: '{{ pod_with_one_container.container }}'
image: busybox
image: busybox:latest
command:
- /bin/sh
- -c
@@ -19,13 +19,13 @@ metadata:
spec:
containers:
- name: '{{ pod_with_two_container.container[0] }}'
image: busybox:1.32.0
image: busybox:latest
command:
- /bin/sh
- -c
- while true;do date;sleep 5; done
- name: '{{ pod_with_two_container.container[1] }}'
image: busybox:1.33.0
image: busybox:latest
command:
- /bin/sh
- -c
@@ -37,8 +37,8 @@ metadata:
name: '{{ pod_without_executable_find.name }}'
spec:
containers:
- name: openjdk17
image: openjdk:17
- name: openjdk
image: openjdk:27-ea
command:
- /bin/sh
- -c

20
tests/integration/targets/k8s_copy/templates/pods_definition_init.j2 Normal file
View File

@@ -0,0 +1,20 @@
---
apiVersion: v1
kind: Pod
metadata:
name: '{{ pod_with_initcontainer_and_container.name }}'
spec:
initContainers:
- name: '{{ pod_with_initcontainer_and_container.container[0] }}'
image: busybox
command:
- /bin/sh
- -c
- while true;do date;sleep 5; done
containers:
- name: '{{ pod_with_initcontainer_and_container.container[1] }}'
image: busybox
command:
- /bin/sh
- -c
- while true;do date;sleep 5; done

6
tests/integration/targets/k8s_delete/files/deployments.yaml
View File

@@ -24,7 +24,7 @@ spec:
apiVersion: apps/v1
kind: Deployment
metadata:
name: openjdk-d
name: busybox-d
labels:
context: ansible
spec:
@@ -38,8 +38,8 @@ spec:
context: ansible
spec:
containers:
- name: openjdk
image: openjdk:17
- name: busybox
image: busybox:latest
command:
- /bin/sh
- -c

27
tests/integration/targets/k8s_delete/tasks/main.yml
View File

@@ -17,7 +17,7 @@
wait_timeout: 400
vars:
k8s_pod_name: delete-ds
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
k8s_pod_image: docker.io/nginx:latest
register: ds
- name: Check that daemonset wait worked
@@ -38,7 +38,7 @@
- name: Assert that there are pods
assert:
that:
- pods_create.resources
- pods_create.resources | length > 0
- name: Remove the daemonset
k8s:
@@ -74,7 +74,7 @@
- name: Assert that deleting the daemonset deleted the pods
assert:
that:
- not pods_delete.resources
- pods_delete.resources | length == 0
# test deletion using label selector
- name: Deploy load balancer
@@ -152,6 +152,27 @@
register: _deployment
failed_when: _deployment.resources | length == 0
- name: Trying to delete nginx deployment in check mode and with deleteOptions set
k8s:
kind: Deployment
api_version: apps/v1
namespace: "{{ test_namespace }}"
name: nginx-d
state: absent
delete_options:
propagationPolicy: Foreground
check_mode: true
register: _delete
- name: Validate that Deployment nginx-d still exists
k8s_info:
kind: Deployment
api_version: apps/v1
namespace: "{{ test_namespace }}"
name: nginx-d
register: _deployment
failed_when: _deployment.resources | length != 1
- name: Trying to delete using delete_all=true but missing kind option
k8s:
api_version: apps/v1

4
tests/integration/targets/k8s_drain/tasks/main.yml
View File

@@ -244,7 +244,7 @@
kind: Pod
name: '{{ drain_pod_name }}'
register: _result
failed_when: _result.resources
failed_when: _result.resources | length > 0
- name: assert that emptyDir pod was deleted
k8s_info:
@@ -346,7 +346,7 @@
kind: Pod
name: '{{ drain_pod_name }}-01'
register: _result
failed_when: _result.resources
failed_when: _result.resources | length > 0
# test: drain using pod_selectors
- name: Uncordon node

12
tests/integration/targets/k8s_full/tasks/main.yml
View File

@@ -394,9 +394,11 @@
register: k8s_info_testing6
failed_when: not k8s_info_testing6.resources or k8s_info_testing6.resources[0].status.phase != "Active"
- name: Create large configmap data
command: dd if=/dev/urandom bs=500K count=1
register: cmap_data
- name: Create a file with specific size and attributes, to be used as swap space
community.general.filesize:
path: /tmp/configmap.bin
size: 500K
source: /dev/urandom
- name: Create configmap with large value
k8s:
@@ -407,7 +409,7 @@
name: testmap
namespace: testing
data:
testkey: "{{ cmap_data.stdout | b64encode }}"
testkey: "{{ lookup('file', '/tmp/configmap.bin') | b64encode }}"
wait: true
register: result
@@ -424,7 +426,7 @@
- assert:
that:
- result.resources[0].data.testkey == (cmap_data.stdout | b64encode)
- result.resources[0].data.testkey == (lookup('file', '/tmp/configmap.bin') | b64encode)
# test setting module defaults for kubernetes.core.k8s_info
- block:

8
tests/integration/targets/k8s_gc/tasks/main.yml
View File

@@ -36,7 +36,7 @@
label_selectors:
- "job=gc"
register: wait_job
until: wait_job.resources
until: wait_job.resources | length > 0
retries: 5
delay: 10
@@ -87,7 +87,7 @@
label_selectors:
- "job=gc"
register: wait_job
until: wait_job.resources
until: wait_job.resources | length > 0
retries: 5
delay: 10
@@ -139,7 +139,7 @@
label_selectors:
- "job=gc"
register: wait_job
until: wait_job.resources
until: wait_job.resources | length > 0
retries: 5
delay: 10
@@ -225,7 +225,7 @@
- name: Assert job is deleted
assert:
that: not job.resources
that: job.resources | length == 0
always:
- name: Delete namespace

6
tests/integration/targets/k8s_hide_fields/tasks/main.yml
View File

@@ -58,7 +58,7 @@
- "'managedFields' not in hf4.resources[0]['metadata']"
- name: Hiding a changed field should still result in a change
- name: Hiding a changed field should not result in a change
k8s:
definition: "{{ hide_fields_base_configmap | combine({'data':{'hello':'different'}}) }}"
hidden_fields:
@@ -67,10 +67,10 @@
register: hf5
diff: true
- name: Ensure that hidden changed field changed
- name: Ensure that hidden changed field not changed
assert:
that:
- hf5.changed
- not hf5.changed
- name: Apply works with hidden fields
k8s:

2
tests/integration/targets/k8s_json_patch/tasks/main.yml
View File

@@ -47,7 +47,7 @@
- result.changed
- result.result.metadata.labels.label2 == "bar"
- result.result.spec.containers[0].image == "busybox:glibc"
- result.diff
- result.diff != {}
- name: Describe pod
kubernetes.core.k8s_info:

1
tests/integration/targets/k8s_manifest_url/tasks/main.yml
View File

@@ -81,6 +81,7 @@
replicas: 1
current_replicas: 3
wait: true
wait_timeout: 60
register: scale
- name: Read deployment

295
tests/integration/targets/k8s_rollback/tasks/main.yml
View File

@@ -291,6 +291,301 @@
that:
- failed_version | int + 1 == result.resources[0].metadata.annotations['deprecated.daemonset.template.generation'] | int
- name: Create deployment with specific labels for selector testing
k8s:
state: present
wait: yes
wait_timeout: "{{ k8s_wait_timeout }}"
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-labeled
namespace: "{{ namespace }}"
labels:
app: nginx
test-group: label-selector-test
spec:
replicas: 2
selector:
matchLabels:
app: nginx-labeled
template:
metadata:
labels:
app: nginx-labeled
spec:
containers:
- name: nginx
image: nginx:1.17
ports:
- containerPort: 80
- name: Update deployment to create second revision
k8s:
state: present
wait: yes
wait_timeout: 30
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-labeled
namespace: "{{ namespace }}"
labels:
app: nginx
test-group: label-selector-test
spec:
replicas: 2
selector:
matchLabels:
app: nginx-labeled
template:
metadata:
labels:
app: nginx-labeled
spec:
containers:
- name: nginx
image: nginx:1.18
ports:
- containerPort: 80
- name: Test rollback with label selectors
k8s_rollback:
api_version: apps/v1
kind: Deployment
name: nginx-labeled
namespace: "{{ namespace }}"
label_selectors:
- "test-group=label-selector-test"
register: result
- name: Assert label selector rollback worked
assert:
that:
- result is changed
- result.rollback_info | length == 1
- result.rollback_info[0].method == "patch"
- name: Create deployment with single revision
k8s:
state: present
wait: yes
wait_timeout: 30
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: single-revision
namespace: "{{ namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: single-revision
template:
metadata:
labels:
app: single-revision
spec:
containers:
- name: nginx
image: nginx:1.17
ports:
- containerPort: 80
- name: Try to rollback deployment with no previous revisions
k8s_rollback:
api_version: apps/v1
kind: Deployment
name: single-revision
namespace: "{{ namespace }}"
register: result
- name: Debug result
debug:
var: result
- name: Assert warning is returned for no rollout history
assert:
that:
- not result.changed
- result.warnings is defined
- "'No rollout history found' in result.warnings[0]"
- name: Create a service for unsupported resource test
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: test-service
namespace: "{{ namespace }}"
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
- name: Test rollback on unsupported resource type
k8s_rollback:
api_version: v1
kind: Service
name: test-service
namespace: "{{ namespace }}"
register: result
ignore_errors: yes
- name: Assert error message for unsupported resource
assert:
that:
- not result.changed
- "'Cannot perform rollback on resource of kind Service' in result.msg"
- name: Test rollback on non-existent deployment
k8s_rollback:
api_version: apps/v1
kind: Deployment
name: non-existent
namespace: "{{ namespace }}"
register: result
- name: Assert no resources found
assert:
that:
- not result.changed
- result.rollback_info | length == 0
- name: Create multiple deployments with same label
k8s:
state: present
wait: yes
wait_timeout: 30
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: "multi-{{ item }}"
namespace: "{{ namespace }}"
labels:
group: multi-test
app: multi
spec:
replicas: 1
selector:
matchLabels:
app: "multi-{{ item }}"
template:
metadata:
labels:
app: "multi-{{ item }}"
spec:
containers:
- name: nginx
image: nginx:1.17
ports:
- containerPort: 80
loop: [1, 2, 3]
- name: Update multiple deployments to create second revisions
k8s:
state: present
wait: yes
wait_timeout: 30
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: "multi-{{ item }}"
namespace: "{{ namespace }}"
labels:
group: multi-test
app: multi
spec:
replicas: 1
selector:
matchLabels:
app: "multi-{{ item }}"
template:
metadata:
labels:
app: "multi-{{ item }}"
spec:
containers:
- name: nginx
image: nginx:1.18
ports:
- containerPort: 80
loop: [1, 2, 3]
- name: Rollback multiple deployments using label selector
k8s_rollback:
api_version: apps/v1
kind: Deployment
name: "multi-{{ item }}"
namespace: "{{ namespace }}"
label_selectors:
- "group=multi-test"
register: result
loop: [1, 2, 3]
- name: Assert multiple resources were rolled back
assert:
that:
- result.results | length == 3
- result.results | selectattr('changed', 'equalto', true) | list | length == 3
- result.results | selectattr('rollback_info', 'defined') | list | length == 3
- result.results | map(attribute='rollback_info') | map('first') | map(attribute='method') | select('equalto', 'patch') | list | length == 3
- name: Validate rollback_info structure for deployment
assert:
that:
- result.results is defined
- result.results[0].rollback_info is defined
- result.results[0].rollback_info | length > 0
- result.results[0].rollback_info[0].method == "patch"
- result.results[0].rollback_info[0].body is defined
- result.results[0].rollback_info[0].resources is defined
- result.results[0].rollback_info[0].resources.metadata is defined
- result.results[0].rollback_info[0].resources.spec is defined
- name: Test rollback with field selectors
k8s_rollback:
api_version: apps/v1
kind: Deployment
name: multi-1
namespace: "{{ namespace }}"
field_selectors:
- "metadata.name=multi-1"
register: result
- name: Assert field selector rollback worked
assert:
that:
- result is changed
- result.rollback_info | length == 1
- result.rollback_info[0].resources.metadata.name == "multi-1"
- name: Test check mode return values
k8s_rollback:
api_version: apps/v1
kind: Deployment
name: multi-2
namespace: "{{ namespace }}"
register: result
check_mode: yes
- name: Validate check mode returns expected structure
assert:
that:
- result is changed
- result.rollback_info is defined
- result.rollback_info[0].method == "patch"
- result.rollback_info[0].body is defined
always:
- name: Delete {{ namespace }} namespace
k8s:

38
tests/integration/targets/k8s_scale/defaults/main.yml
View File

@@ -1,42 +1,4 @@
---
k8s_pod_metadata:
labels:
app: "{{ k8s_pod_name }}"
k8s_pod_spec:
serviceAccount: "{{ k8s_pod_service_account }}"
containers:
- image: "{{ k8s_pod_image }}"
imagePullPolicy: Always
name: "{{ k8s_pod_name }}"
command: "{{ k8s_pod_command }}"
readinessProbe:
initialDelaySeconds: 15
exec:
command:
- /bin/true
resources: "{{ k8s_pod_resources }}"
ports: "{{ k8s_pod_ports }}"
env: "{{ k8s_pod_env }}"
k8s_pod_service_account: default
k8s_pod_resources:
limits:
cpu: "100m"
memory: "100Mi"
k8s_pod_command: []
k8s_pod_ports: []
k8s_pod_env: []
k8s_pod_template:
metadata: "{{ k8s_pod_metadata }}"
spec: "{{ k8s_pod_spec }}"
test_namespace: "scale"
k8s_wait_timeout: 400

77
tests/integration/targets/k8s_scale/tasks/main.yml
View File

@@ -5,28 +5,32 @@
- name: Add a deployment
k8s:
namespace: "{{ scale_namespace }}"
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: scale-deploy
namespace: "{{ scale_namespace }}"
labels:
app: scale-deploy
spec:
replicas: 1
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
wait: yes
app: scale-deploy
template:
metadata:
labels:
app: scale-deploy
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
apply: yes
vars:
k8s_pod_name: scale-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:v0.10.0-green
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
apply: true
- name: Get pods in scale-deploy
k8s_info:
@@ -44,7 +48,8 @@
name: scale-deploy
namespace: "{{ scale_namespace }}"
replicas: 0
wait: yes
wait: true
wait_timeout: 60
register: scale_down
check_mode: true
@@ -75,7 +80,8 @@
name: scale-deploy
namespace: "{{ scale_namespace }}"
replicas: 0
wait: yes
wait: true
wait_timeout: 60
register: scale_down
check_mode: true
@@ -106,7 +112,7 @@
name: scale-deploy
namespace: "{{ scale_namespace }}"
replicas: 0
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
register: scale_down
diff: true
@@ -129,7 +135,7 @@
that:
- scale_down is changed
- '"duration" in scale_down'
- scale_down.diff
- scale_down.diff != {}
- name: Scale the deployment once again (idempotency)
k8s_scale:
@@ -138,7 +144,8 @@
name: scale-deploy
namespace: "{{ scale_namespace }}"
replicas: 0
wait: yes
wait: true
wait_timeout: 60
register: scale_down_idempotency
diff: true
@@ -159,18 +166,20 @@
replicas: 1
selector:
matchLabels:
app: "{{ k8s_pod_name }}"
template: "{{ k8s_pod_template }}"
wait: yes
app: scale-deploy
template:
metadata:
labels:
app: scale-deploy
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
apply: yes
vars:
k8s_pod_name: scale-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:v0.10.0-green
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
apply: true
register: reapply_after_scale
- name: Get pods in scale-deploy
@@ -199,7 +208,7 @@
wait: yes
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
register: scale_up
diff: no
diff: false
- name: Get pods in scale-deploy
k8s_info:
@@ -227,8 +236,9 @@
namespace: "{{ scale_namespace }}"
replicas: 2
wait: yes
wait_timeout: 60
register: scale_up_noop
diff: no
diff: false
- name: Get pods in scale-deploy
k8s_info:
@@ -255,7 +265,7 @@
name: scale-deploy
namespace: "{{ scale_namespace }}"
replicas: 1
wait: no
wait: false
register: scale_down_no_wait
diff: true
@@ -274,7 +284,7 @@
assert:
that:
- scale_down_no_wait is changed
- scale_down_no_wait.diff
- scale_down_no_wait.diff != {}
- scale_down_no_wait_pods.resources | length == 1
# scale multiple resource using label selectors
@@ -302,12 +312,12 @@
resource_version: 0
label_selectors:
- app=nginx
wait_timeout: 60
register: scale_out
- assert:
that:
- not scale_out.changed
- scale_out.results | selectattr('warning', 'defined') | list | length == 2
- name: scale deployment using current replicas (wrong value)
kubernetes.core.k8s_scale:
@@ -322,7 +332,6 @@
- assert:
that:
- not scale_out.changed
- scale_out.results | selectattr('warning', 'defined') | list | length == 2
- name: scale deployment using current replicas (right value)
kubernetes.core.k8s_scale:

2
tests/integration/targets/k8s_taint/tasks/main.yml
View File

@@ -421,7 +421,7 @@
- name: Assert that taints have been removed
assert:
that:
- _result.resources | selectattr('spec.taints', 'undefined')
- _result.resources | selectattr('spec.taints', 'undefined') | list | length > 0
always:

78
tests/integration/targets/k8s_template/tasks/main.yml
View File

@@ -7,7 +7,7 @@
kubernetes.core.k8s_service:
template: "pod_one.j2"
state: present
ignore_errors: yes
ignore_errors: true
register: r
- name: Check for expected failures in last tasks
@@ -35,7 +35,7 @@
k8s_pod_name_one: pod
k8s_pod_namespace: "{{ template_namespace }}"
register: r
ignore_errors: yes
ignore_errors: true
- name: Check if definition and template are mutually exclusive
assert:
@@ -52,7 +52,7 @@
k8s_pod_name_one: pod
k8s_pod_namespace: "{{ template_namespace }}"
register: r
ignore_errors: yes
ignore_errors: true
- name: Check if src and template are mutually exclusive
assert:
@@ -63,7 +63,7 @@
- name: Create pod using template (direct specification)
kubernetes.core.k8s:
template: "pod_one.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-1
@@ -79,7 +79,7 @@
kubernetes.core.k8s:
template:
- default
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-2
@@ -96,7 +96,7 @@
kubernetes.core.k8s:
template:
path: "pod_one.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-3
@@ -114,12 +114,11 @@
path: "pod_two.j2"
variable_start_string: '[['
variable_end_string: ']]'
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_two: pod-4
k8s_pod_namespace: "[[ template_namespace ]]"
ansible_python_interpreter: "[[ ansible_playbook_python ]]"
k8s_pod_namespace: "template-test"
register: r
- name: Assert that pod creation succeeded using template
@@ -131,7 +130,7 @@
kubernetes.core.k8s:
template:
path: "pod_three.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_three_one: pod-5
@@ -152,7 +151,7 @@
variable_start_string: '[['
variable_end_string: ']]'
- path: "pod_three.j2"
wait: yes
wait: true
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name_one: pod-7
@@ -239,63 +238,6 @@
- resource.result.results | selectattr('changed') | list | length == 1
- resource.result.results | selectattr('error', 'defined') | list | length == 1
# Test resource definition using template with 'omit'
- name: Deploy configmap using template
k8s:
namespace: "{{ template_namespace }}"
name: test-data
template: configmap.yml.j2
- name: Read configmap created
k8s_info:
kind: configmap
namespace: "{{ template_namespace }}"
name: test-data
register: _configmap
- name: Validate that the configmap does not contains annotations
assert:
that:
- '"annotations" not in _configmap.resources.0.metadata'
- name: Create resource once again
k8s:
namespace: "{{ template_namespace }}"
name: test-data
template: configmap.yml.j2
register: _configmap
- name: assert that nothing changed
assert:
that:
- _configmap is not changed
- name: Create resource once again (using description)
k8s:
namespace: "{{ template_namespace }}"
name: test-data
template: configmap.yml.j2
register: _configmap
vars:
k8s_configmap_desc: "This is a simple configmap used to test ansible k8s collection"
- name: assert that configmap was changed
assert:
that:
- _configmap is changed
- name: Read configmap created
k8s_info:
kind: configmap
namespace: "{{ template_namespace }}"
name: test-data
register: _configmap
- name: Validate that the configmap does not contains annotations
assert:
that:
- _configmap.resources.0.metadata.annotations.description == "This is a simple configmap used to test ansible k8s collection"
always:
- name: Remove namespace (Cleanup)
kubernetes.core.k8s:

7
tests/integration/targets/k8s_template/templates/configmap.yml.j2
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
description: "{{ k8s_configmap_desc | default(omit) }}"
data:
key: "testing-template"

39
tests/integration/targets/k8s_waiter/tasks/main.yml
View File

@@ -40,7 +40,7 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-ds
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
k8s_pod_image: docker.io/busybox:latest
k8s_pod_command:
- sleep
- "600"
@@ -71,7 +71,7 @@
wait_timeout: 180
vars:
k8s_pod_name: wait-ds
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:2
k8s_pod_image: docker.io/alpine:latest
k8s_pod_command:
- sleep
- "600"
@@ -82,7 +82,7 @@
assert:
that:
- update_ds_check_mode is changed
- "update_ds_check_mode.result.spec.template.spec.containers[0].image == 'gcr.io/kuar-demo/kuard-amd64:2'"
- "update_ds_check_mode.result.spec.template.spec.containers[0].image == 'docker.io/alpine:latest'"
- name: Update a daemonset
k8s:
@@ -104,7 +104,7 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-ds
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:3
k8s_pod_image: docker.io/busybox:latest
k8s_pod_command:
- sleep
- "600"
@@ -125,7 +125,7 @@
assert:
that:
- ds.result.status.currentNumberScheduled == ds.result.status.desiredNumberScheduled
- updated_ds_pods.resources[0].spec.containers[0].image.endswith(":3")
- updated_ds_pods.resources[0].spec.containers[0].image == 'docker.io/busybox:latest'
- name: Create daemonset with nodeSelector and not existing label
k8s:
@@ -145,7 +145,7 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-daemonset-not-existing-label
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
k8s_pod_image: docker.io/busybox:latest
k8s_pod_command:
- sleep
- "600"
@@ -187,7 +187,7 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-sts
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
k8s_pod_image: docker.io/busybox:latest
k8s_pod_command:
- sleep
- "600"
@@ -251,7 +251,7 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-sts
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:3
k8s_pod_image: docker.io/alpine:latest
k8s_pod_command:
- sleep
- "600"
@@ -272,7 +272,7 @@
assert:
that:
- sts.result.spec.replicas == sts.result.status.readyReplicas
- updated_sts_pods.resources[0].spec.containers[0].image.endswith(":3")
- updated_sts_pods.resources[0].spec.containers[0].image == 'docker.io/alpine:latest'
- name: Add a crashing pod
k8s:
@@ -288,11 +288,11 @@
wait_timeout: 30
vars:
k8s_pod_name: wait-crash-pod
k8s_pod_image: alpine:3.8
k8s_pod_image: busybox:latest
k8s_pod_command:
- /bin/false
register: crash_pod
ignore_errors: yes
ignore_errors: true
- name: Check that task failed
assert:
@@ -315,7 +315,7 @@
k8s_pod_name: wait-no-image-pod
k8s_pod_image: i_made_this_up:and_this_too
register: no_image_pod
ignore_errors: yes
ignore_errors: true
- name: Check that task failed
assert:
@@ -340,12 +340,11 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:1
k8s_pod_image: docker.io/nginx:latest
k8s_pod_ports:
- containerPort: 8080
name: http
protocol: TCP
register: deploy
- name: Check that deployment wait worked
@@ -371,7 +370,7 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-deploy
k8s_pod_image: gcr.io/kuar-demo/kuard-amd64:2
k8s_pod_image: docker.io/nginx:stable-alpine
k8s_pod_ports:
- containerPort: 8080
name: http
@@ -394,7 +393,7 @@
field_selectors:
- status.phase=Running
register: updated_deploy_pods
until: updated_deploy_pods.resources[0].spec.containers[0].image.endswith(':2')
until: updated_deploy_pods.resources[0].spec.containers[0].image == 'docker.io/nginx:stable-alpine'
retries: 6
delay: 5
@@ -474,11 +473,11 @@
wait_timeout: "{{ k8s_wait_timeout | default(omit) }}"
vars:
k8s_pod_name: wait-crash-deploy
k8s_pod_image: alpine:3.8
k8s_pod_image: docker.io/nginx:latest
k8s_pod_command:
- /bin/false
register: wait_crash_deploy
ignore_errors: yes
ignore_errors: true
- name: Check that task failed
assert:
@@ -495,7 +494,7 @@
wait: yes
wait_sleep: 2
wait_timeout: 5
ignore_errors: yes
ignore_errors: true
register: short_wait_remove_pod
- name: Check that task failed
@@ -509,4 +508,4 @@
kind: Namespace
name: "{{ wait_namespace }}"
state: absent
ignore_errors: yes
ignore_errors: true

4
tests/integration/targets/lookup_k8s/tasks/main.yml
View File

@@ -56,8 +56,8 @@
# Without wantlist=True lookup should return mapping
- test5 is mapping
- test6 is mapping
# errors='ignore'
- test7 is string
# errors='ignore' (return null with ansible-core 2.19)
- test7 is string or not test7
- test8 is not defined
- name: Create another namespace with label

11
tests/integration/targets/setup_namespace/tasks/main.yml
View File

@@ -4,10 +4,17 @@
namespace_to_create: "{{ item.name | default(item) }}"
namespace_labels: "{{ item.labels | default(omit) }}"
with_items: "{{ test_namespace }}"
when: test_namespace | type_debug == "list"
when:
- test_namespace is not string
- test_namespace is not mapping
- test_namespace is iterable
- include_tasks: tasks/create.yml
vars:
namespace_to_create: "{{ test_namespace }}"
namespace_labels: "{{ test_namespace_labels | default(omit) }}"
when: test_namespace | type_debug == "AnsibleUnicode"
when:
- test_namespace is string
- test_namespace is iterable
- test_namespace is sequence
- test_namespace is not mapping

15
tests/sanity/ignore-2.15.txt → tests/sanity/ignore-2.20.txt
View File

@@ -1,12 +1,15 @@
plugins/module_utils/client/discovery.py import-3.9!skip
plugins/module_utils/client/discovery.py import-3.10!skip
plugins/module_utils/client/discovery.py import-3.11!skip
plugins/module_utils/client/resource.py import-3.9!skip
plugins/module_utils/client/resource.py import-3.10!skip
plugins/module_utils/client/discovery.py import-3.12!skip
plugins/module_utils/client/discovery.py import-3.13!skip
plugins/module_utils/client/discovery.py import-3.14!skip
plugins/module_utils/client/resource.py import-3.11!skip
plugins/module_utils/k8sdynamicclient.py import-3.9!skip
plugins/module_utils/k8sdynamicclient.py import-3.10!skip
plugins/module_utils/client/resource.py import-3.12!skip
plugins/module_utils/client/resource.py import-3.13!skip
plugins/module_utils/client/resource.py import-3.14!skip
plugins/module_utils/k8sdynamicclient.py import-3.11!skip
plugins/module_utils/k8sdynamicclient.py import-3.12!skip
plugins/module_utils/k8sdynamicclient.py import-3.13!skip
plugins/module_utils/k8sdynamicclient.py import-3.14!skip
plugins/module_utils/version.py pylint!skip
plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc

21
tests/sanity/ignore-2.14.txt → tests/sanity/ignore-2.21.txt
View File

@@ -1,18 +1,23 @@
plugins/module_utils/client/discovery.py import-3.9!skip
plugins/module_utils/client/discovery.py import-3.10!skip
plugins/module_utils/client/discovery.py import-3.11!skip
plugins/module_utils/client/resource.py import-3.9!skip
plugins/module_utils/client/resource.py import-3.10!skip
plugins/module_utils/client/discovery.py import-3.12!skip
plugins/module_utils/client/discovery.py import-3.13!skip
plugins/module_utils/client/discovery.py import-3.14!skip
plugins/module_utils/client/resource.py import-3.11!skip
plugins/module_utils/k8sdynamicclient.py import-3.9!skip
plugins/module_utils/k8sdynamicclient.py import-3.10!skip
plugins/module_utils/client/resource.py import-3.12!skip
plugins/module_utils/client/resource.py import-3.13!skip
plugins/module_utils/client/resource.py import-3.14!skip
plugins/module_utils/k8sdynamicclient.py import-3.11!skip
plugins/module_utils/k8sdynamicclient.py import-3.12!skip
plugins/module_utils/k8sdynamicclient.py import-3.13!skip
plugins/module_utils/k8sdynamicclient.py import-3.14!skip
plugins/module_utils/version.py pylint!skip
plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc
plugins/modules/k8s_service.py validate-modules:parameter-type-not-in-doc
tests/unit/module_utils/fixtures/clusteroperator.yml yamllint!skip
tests/unit/module_utils/fixtures/definitions.yml yamllint!skip
tests/unit/module_utils/fixtures/deployments.yml yamllint!skip
tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
tests/unit/module_utils/fixtures/pods.yml yamllint!skip
tests/integration/targets/helm/files/appversionless-chart-v2/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm/files/appversionless-chart/templates/configmap.yaml yamllint!skip
@@ -24,8 +29,8 @@ plugins/modules/k8s.py validate-modules:return-syntax-error
plugins/modules/k8s_scale.py validate-modules:return-syntax-error
plugins/modules/k8s_service.py validate-modules:return-syntax-error
plugins/modules/k8s_taint.py validate-modules:return-syntax-error
tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip
tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip
plugins/modules/helm.py validate-modules:bad-return-value-key
plugins/modules/helm_info.py validate-modules:bad-return-value-key

35
tests/sanity/ignore-2.22.txt Normal file
View File

@@ -0,0 +1,35 @@
plugins/module_utils/client/discovery.py import-3.11!skip
plugins/module_utils/client/discovery.py import-3.12!skip
plugins/module_utils/client/discovery.py import-3.13!skip
plugins/module_utils/client/discovery.py import-3.14!skip
plugins/module_utils/client/resource.py import-3.11!skip
plugins/module_utils/client/resource.py import-3.12!skip
plugins/module_utils/client/resource.py import-3.13!skip
plugins/module_utils/client/resource.py import-3.14!skip
plugins/module_utils/k8sdynamicclient.py import-3.11!skip
plugins/module_utils/k8sdynamicclient.py import-3.12!skip
plugins/module_utils/k8sdynamicclient.py import-3.13!skip
plugins/module_utils/k8sdynamicclient.py import-3.14!skip
plugins/module_utils/version.py pylint!skip
plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
plugins/modules/k8s_scale.py validate-modules:parameter-type-not-in-doc
plugins/modules/k8s_service.py validate-modules:parameter-type-not-in-doc
tests/unit/module_utils/fixtures/clusteroperator.yml yamllint!skip
tests/unit/module_utils/fixtures/definitions.yml yamllint!skip
tests/unit/module_utils/fixtures/deployments.yml yamllint!skip
tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip
tests/unit/module_utils/fixtures/pods.yml yamllint!skip
tests/integration/targets/helm/files/appversionless-chart-v2/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm/files/appversionless-chart/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm/files/test-chart-v2/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm/files/test-chart/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm_diff/files/test-chart/templates/configmap.yaml yamllint!skip
tests/integration/targets/k8s_scale/files/deployment.yaml yamllint!skip
plugins/modules/k8s.py validate-modules:return-syntax-error
plugins/modules/k8s_scale.py validate-modules:return-syntax-error
plugins/modules/k8s_service.py validate-modules:return-syntax-error
plugins/modules/k8s_taint.py validate-modules:return-syntax-error
tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip
tests/integration/targets/helm_diff/files/test-chart-deployment-time/templates/configmap.yaml yamllint!skip
plugins/modules/helm.py validate-modules:bad-return-value-key
plugins/modules/helm_info.py validate-modules:bad-return-value-key

105
tests/unit/action/test_remove_omit.py
View File

@@ -1,105 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright: (c) 2022, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
from datetime import datetime
from ansible_collections.kubernetes.core.plugins.action.k8s_info import RemoveOmit
def get_omit_token():
return "__omit_place_holder__%s" % datetime.now().strftime("%Y%m%d%H%M%S")
def test_remove_omit_from_str():
omit_token = get_omit_token()
src = """
project: ansible
collection: {omit}
""".format(
omit=omit_token
)
result = RemoveOmit(src, omit_value=omit_token).output()
assert len(result) == 1
assert result[0] == dict(project="ansible")
def test_remove_omit_from_list():
omit_token = get_omit_token()
src = """
items:
- {omit}
""".format(
omit=omit_token
)
result = RemoveOmit(src, omit_value=omit_token).output()
assert len(result) == 1
assert result[0] == dict(items=[])
def test_remove_omit_from_list_of_dict():
omit_token = get_omit_token()
src = """
items:
- owner: ansible
team: {omit}
- simple_list_item
""".format(
omit=omit_token
)
result = RemoveOmit(src, omit_value=omit_token).output()
assert len(result) == 1
assert result[0] == dict(items=[dict(owner="ansible"), "simple_list_item"])
def test_remove_omit_combined():
omit_token = get_omit_token()
src = """
items:
- {omit}
- list_item_a
- list_item_b
parent:
child:
subchilda: {omit}
subchildb:
name: {omit}
age: 3
""".format(
omit=omit_token
)
result = RemoveOmit(src, omit_value=omit_token).output()
assert len(result) == 1
assert result[0] == dict(
items=["list_item_a", "list_item_b"],
parent=dict(child=dict(subchildb=dict(age=3))),
)
def test_remove_omit_mutiple_documents():
omit_token = get_omit_token()
src = [
"""
project: ansible
collection: {omit}
""".format(
omit=omit_token
),
"---",
"""
project: kubernetes
environment: production
collection: {omit}""".format(
omit=omit_token
),
]
src = "\n".join(src)
print(src)
result = RemoveOmit(src, omit_value=omit_token).output()
assert len(result) == 2
assert result[0] == dict(project="ansible")
assert result[1] == dict(project="kubernetes", environment="production")

3
tests/unit/conftest.py
View File

@@ -10,7 +10,6 @@ import ansible.module_utils.basic
import pytest
from ansible.module_utils._text import to_bytes
from ansible.module_utils.common._collections_compat import MutableMapping
from ansible.module_utils.six import string_types
@pytest.fixture
@@ -20,7 +19,7 @@ def stdin(mocker, request):
old_argv = sys.argv
sys.argv = ["ansible_unittest"]
if isinstance(request.param, string_types):
if isinstance(request.param, str):
args = request.param
elif isinstance(request.param, MutableMapping):
if "ANSIBLE_MODULE_ARGS" not in request.param:

76
tests/unit/module_utils/test_core.py
View File

@@ -2,50 +2,57 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type
import json
import re
import kubernetes
import pytest
from ansible_collections.kubernetes.core.plugins.module_utils.k8s.core import (
AnsibleK8SModule,
)
from mock import MagicMock, patch
MINIMAL_K8S_VERSION = "24.2.0"
UNSUPPORTED_K8S_VERSION = "11.0.0"
@pytest.mark.parametrize("stdin", [{}], indirect=["stdin"])
def test_no_warn(monkeypatch, stdin, capfd):
class FakeAnsibleModule:
def __init__(self, **kwargs):
pass
def exit_json(self):
raise SystemExit(0)
@patch.object(AnsibleK8SModule, "warn")
def test_no_warn(m_ansible_k8s_module_warn, monkeypatch, capfd):
monkeypatch.setattr(kubernetes, "__version__", MINIMAL_K8S_VERSION)
module = AnsibleK8SModule(argument_spec={})
m_ansible_k8s_module_warn.side_effect = print
module = AnsibleK8SModule(argument_spec={}, module_class=FakeAnsibleModule)
with pytest.raises(SystemExit):
module.exit_json()
out, err = capfd.readouterr()
return_value = json.loads(out)
assert return_value.get("exception") is None
assert return_value.get("warnings") is None
assert return_value.get("failed") is None
m_ansible_k8s_module_warn.assert_not_called()
@pytest.mark.parametrize("stdin", [{}], indirect=["stdin"])
def test_warn_on_k8s_version(monkeypatch, stdin, capfd):
@patch.object(AnsibleK8SModule, "warn")
def test_warn_on_k8s_version(m_ansible_k8s_module_warn, monkeypatch, capfd):
monkeypatch.setattr(kubernetes, "__version__", UNSUPPORTED_K8S_VERSION)
module = AnsibleK8SModule(argument_spec={})
m_ansible_k8s_module_warn.side_effect = print
module = AnsibleK8SModule(argument_spec={}, module_class=FakeAnsibleModule)
with pytest.raises(SystemExit):
module.exit_json()
m_ansible_k8s_module_warn.assert_called_once()
out, err = capfd.readouterr()
return_value = json.loads(out)
assert return_value.get("warnings") is not None
warnings = return_value["warnings"]
assert len(warnings) == 1
assert "kubernetes" in warnings[0]
assert MINIMAL_K8S_VERSION in warnings[0]
assert (
re.search(
r"kubernetes<([0-9]+\.[0-9]+\.[0-9]+) is not supported or tested. Some features may not work.",
out,
)
is not None
)
dependencies = [
@@ -58,9 +65,17 @@ dependencies = [
@pytest.mark.parametrize(
"stdin,desired,actual,result", [({}, *d) for d in dependencies], indirect=["stdin"]
)
def test_has_at_least(monkeypatch, stdin, desired, actual, result, capfd):
@patch.object(AnsibleK8SModule, "warn")
def test_has_at_least(
m_ansible_k8s_module_warn, monkeypatch, stdin, desired, actual, result, capfd
):
monkeypatch.setattr(kubernetes, "__version__", actual)
def fake_warn(x):
print(x)
raise SystemExit(1)
m_ansible_k8s_module_warn.side_effect = fake_warn
module = AnsibleK8SModule(argument_spec={})
assert module.has_at_least("kubernetes", desired) is result
@@ -80,11 +95,18 @@ def test_requires_fails_with_message(
monkeypatch, stdin, dependency, version, msg, capfd
):
monkeypatch.setattr(kubernetes, "__version__", "24.2.0")
module = AnsibleK8SModule(argument_spec={})
module = AnsibleK8SModule(argument_spec={}, module_class=FakeAnsibleModule)
def fake_fail_json(**kwargs):
print(f"Printing message => {kwargs}")
print(kwargs.get("msg"))
raise SystemExit(1)
module.fail_json = MagicMock()
module.fail_json.side_effect = fake_fail_json
with pytest.raises(SystemExit):
module.requires(dependency, version)
module.fail_json.assert_called_once()
out, err = capfd.readouterr()
return_value = json.loads(out)
assert return_value.get("failed")
assert msg in return_value.get("msg")
assert msg in out

43
tests/unit/module_utils/test_helm.py
View File

@@ -443,3 +443,46 @@ def test_module_get_helm_set_values_args(set_values, expected):
result = helm_module.get_helm_set_values_args(set_values)
assert " ".join(expected) == result
@pytest.mark.parametrize(
"helm_version,should_fail",
[
("3.0.0", False),
("3.5.0", False),
("3.10.3", False),
("3.15.0", False),
("3.17.0", False),
("2.9.0", True),
("2.17.0", True),
("4.0.0", True),
("4.1.0", True),
("5.0.0", True),
],
)
def test_module_validate_helm_version(_ansible_helm_module, helm_version, should_fail):
_ansible_helm_module.get_helm_version = MagicMock()
_ansible_helm_module.get_helm_version.return_value = helm_version
if should_fail:
with pytest.raises(SystemExit):
_ansible_helm_module.validate_helm_version()
_ansible_helm_module.fail_json.assert_called_once()
call_args = _ansible_helm_module.fail_json.call_args
assert "Helm version must be >=3.0.0,<4.0.0" in call_args[1]["msg"]
assert helm_version in call_args[1]["msg"]
else:
_ansible_helm_module.validate_helm_version()
_ansible_helm_module.fail_json.assert_not_called()
def test_module_validate_helm_version_none(_ansible_helm_module):
_ansible_helm_module.get_helm_version = MagicMock()
_ansible_helm_module.get_helm_version.return_value = None
with pytest.raises(SystemExit):
_ansible_helm_module.validate_helm_version()
_ansible_helm_module.fail_json.assert_called_once_with(
msg="Unable to determine Helm version"
)

401
tests/unit/module_utils/test_kubeconfig_redaction.py Normal file
View File

@@ -0,0 +1,401 @@
# Copyright [2025] [Red Hat, Inc.]
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import warnings
import pytest
from ansible_collections.kubernetes.core.plugins.module_utils.args_common import (
extract_sensitive_values_from_kubeconfig,
)
@pytest.fixture
def mock_kubeconfig_with_sensitive_data():
return {
"apiVersion": "v1",
"kind": "Config",
"clusters": [
{
"name": "test-cluster",
"cluster": {
"server": "https://test-cluster.example.com",
"certificate-authority-data": "LS0tLS1CRUdJTi...fake-cert-data",
"insecure-skip-tls-verify": False,
},
}
],
"contexts": [
{
"name": "test-context",
"context": {
"cluster": "test-cluster",
"user": "test-user",
"namespace": "default",
},
}
],
"current-context": "test-context",
"users": [
{
"name": "test-user",
"user": {
"client-certificate-data": "LS0tLS1CRUdJTi...fake-client-cert",
"client-key-data": "LS0tLS1CRUdJTi...fake-client-key",
"token": "eyJhbGciOiJSUzI1NiIs...fake-token",
"password": "fake-password-123",
"username": "testuser",
},
},
{
"name": "service-account-user",
"user": {
"token": "eyJhbGciOiJSUzI1NiIs...fake-service-token",
},
},
],
}
@pytest.fixture
def mock_kubeconfig_with_nested_sensitive_data():
return {
"apiVersion": "v1",
"kind": "Config",
"clusters": [
{
"name": "cluster-1",
"cluster": {
"certificate-authority-data": "fake-ca-data-1",
},
},
{
"name": "cluster-2",
"cluster": {
"certificate-authority-data": "fake-ca-data-2",
},
},
],
"users": [
{
"name": "user-1",
"user": {
"client-certificate-data": "fake-cert-1",
"client-key-data": "fake-key-1",
"token": "fake-token-1",
"secret": "fake-secret-1",
"api_key": "fake-api-key-1",
"access-token": "fake-access-token-1",
"refresh-token": "fake-refresh-token-1",
},
},
],
}
@pytest.fixture
def mock_kubeconfig_without_sensitive_data():
return {
"apiVersion": "v1",
"kind": "Config",
"clusters": [
{
"name": "test-cluster",
"cluster": {
"server": "https://test-cluster.example.com",
"insecure-skip-tls-verify": True,
},
}
],
"users": [
{
"name": "test-user",
"user": {
"username": "testuser",
},
}
],
}
@pytest.fixture
def mock_kubeconfig_v2():
"""Mock kubeconfig with API version v2 to test warning behavior."""
return {
"apiVersion": "v2",
"kind": "Config",
"clusters": [
{
"name": "test-cluster",
"cluster": {
"server": "https://test-cluster.example.com",
"certificate-authority-data": "fake-ca-data-v2",
},
}
],
"users": [
{
"name": "test-user",
"user": {
"token": "fake-token-v2",
"password": "fake-password-v2",
},
}
],
}
def test_extract_sensitive_values_basic(mock_kubeconfig_with_sensitive_data):
result = extract_sensitive_values_from_kubeconfig(
mock_kubeconfig_with_sensitive_data
)
# Should extract all sensitive string values
expected_values = {
"LS0tLS1CRUdJTi...fake-cert-data", # certificate-authority-data
"LS0tLS1CRUdJTi...fake-client-cert", # client-certificate-data
"LS0tLS1CRUdJTi...fake-client-key", # client-key-data
"eyJhbGciOiJSUzI1NiIs...fake-token", # token
"fake-password-123", # password
"eyJhbGciOiJSUzI1NiIs...fake-service-token", # second token
}
assert result == expected_values
def test_extract_sensitive_values_nested(mock_kubeconfig_with_nested_sensitive_data):
result = extract_sensitive_values_from_kubeconfig(
mock_kubeconfig_with_nested_sensitive_data
)
# Should extract all sensitive values from multiple clusters and users
expected_values = {
"fake-ca-data-1",
"fake-ca-data-2",
"fake-cert-1",
"fake-key-1",
"fake-token-1",
"fake-secret-1",
"fake-api-key-1",
"fake-access-token-1",
"fake-refresh-token-1",
}
assert result == expected_values
def test_extract_sensitive_values_no_sensitive_data(
mock_kubeconfig_without_sensitive_data,
):
result = extract_sensitive_values_from_kubeconfig(
mock_kubeconfig_without_sensitive_data
)
# Should return empty set since there is no sensitive data
assert result == set()
def test_redaction_placeholder_appears_in_output(mock_kubeconfig_with_sensitive_data):
"""Test that sensitive values are replaced with VALUE_SPECIFIED_IN_NO_LOG_PARAMETER in output."""
sensitive_values = extract_sensitive_values_from_kubeconfig(
mock_kubeconfig_with_sensitive_data
)
# Create a mock module output that would contain sensitive data
mock_output = {
"kubeconfig": mock_kubeconfig_with_sensitive_data,
"result": "success",
"sensitive_token": "eyJhbGciOiJSUzI1NiIs...fake-token",
"sensitive_password": "fake-password-123",
}
# Simulate what Ansible does when no_log_values is set
json_str = json.dumps(mock_output)
for sensitive_value in sensitive_values:
json_str = json_str.replace(
f'"{sensitive_value}"', '"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"'
)
redacted_output = json.loads(json_str)
# Verify that sensitive values are replaced with the redaction placeholder
assert redacted_output["sensitive_token"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert (
redacted_output["sensitive_password"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
# Verify that non-sensitive data remains unchanged
assert redacted_output["result"] == "success"
assert redacted_output["kubeconfig"]["users"][0]["user"]["username"] == "testuser"
def test_redaction_placeholder_appears_in_nested_output(
mock_kubeconfig_with_nested_sensitive_data,
):
# Extract sensitive values
sensitive_values = extract_sensitive_values_from_kubeconfig(
mock_kubeconfig_with_nested_sensitive_data
)
# Create a mock module output that would contain nested sensitive data
mock_output = {
"kubeconfig": mock_kubeconfig_with_nested_sensitive_data,
"result": "success",
"cluster_ca_data": "fake-ca-data-1",
"user_cert_data": "fake-cert-1",
"user_key_data": "fake-key-1",
"user_token": "fake-token-1",
"user_secret": "fake-secret-1",
"api_key": "fake-api-key-1",
"access_token": "fake-access-token-1",
"refresh_token": "fake-refresh-token-1",
}
# Simulate what Ansible does when no_log_values is set
json_str = json.dumps(mock_output)
for sensitive_value in sensitive_values:
json_str = json_str.replace(
f'"{sensitive_value}"', '"VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"'
)
redacted_output = json.loads(json_str)
# Verify that sensitive values are replaced with the redaction placeholder
assert redacted_output["cluster_ca_data"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["user_cert_data"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["user_key_data"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["user_token"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["user_secret"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["api_key"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["access_token"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
assert redacted_output["refresh_token"] == "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
# Verify that non-sensitive data remains unchanged
assert redacted_output["result"] == "success"
assert redacted_output["kubeconfig"]["apiVersion"] == "v1"
assert redacted_output["kubeconfig"]["kind"] == "Config"
assert redacted_output["kubeconfig"]["clusters"][0]["name"] == "cluster-1"
assert redacted_output["kubeconfig"]["clusters"][1]["name"] == "cluster-2"
assert redacted_output["kubeconfig"]["users"][0]["name"] == "user-1"
# Verify that sensitive values within the nested kubeconfig structure are also redacted
assert (
redacted_output["kubeconfig"]["clusters"][0]["cluster"][
"certificate-authority-data"
]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["clusters"][1]["cluster"][
"certificate-authority-data"
]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["client-certificate-data"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["client-key-data"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["token"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["secret"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["api_key"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["access-token"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
assert (
redacted_output["kubeconfig"]["users"][0]["user"]["refresh-token"]
== "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
)
def test_warning_for_non_v1_api_version(mock_kubeconfig_v2):
with pytest.warns(UserWarning) as warning_list:
result = extract_sensitive_values_from_kubeconfig(mock_kubeconfig_v2)
# Verify that exactly one warning was raised
assert len(warning_list) == 1
# Verify the warning message content
warning = warning_list[0]
assert "Kubeconfig API version 'v2' is not 'v1'" in str(warning.message)
# Verify that the function still works and extracts sensitive values
expected_values = {
"fake-ca-data-v2",
"fake-token-v2",
"fake-password-v2",
}
assert result == expected_values
def test_no_warning_for_v1_api_version(mock_kubeconfig_with_sensitive_data):
with warnings.catch_warnings(record=True) as warning_list:
warnings.simplefilter("always") # Capture all warnings
result = extract_sensitive_values_from_kubeconfig(
mock_kubeconfig_with_sensitive_data
)
# Filter for UserWarning specifically (our warning type)
user_warnings = [w for w in warning_list if issubclass(w.category, UserWarning)]
assert len(user_warnings) == 0
# Verify that the function still works normally
assert len(result) > 0
def test_no_warning_for_missing_api_version():
"""Test that no warning is raised when apiVersion field is missing (defaults to v1)."""
kubeconfig_no_version = {
"kind": "Config",
"clusters": [
{
"name": "test-cluster",
"cluster": {
"server": "https://test-cluster.example.com",
"certificate-authority-data": "fake-ca-data",
},
}
],
"users": [
{
"name": "test-user",
"user": {
"token": "fake-token",
},
}
],
}
with warnings.catch_warnings(record=True) as warning_list:
warnings.simplefilter("always") # Capture all warnings
result = extract_sensitive_values_from_kubeconfig(kubeconfig_no_version)
# Filter for UserWarning specifically (our warning type)
user_warnings = [w for w in warning_list if issubclass(w.category, UserWarning)]
assert len(user_warnings) == 0
# Verify that the function still works normally
expected_values = {"fake-ca-data", "fake-token"}
assert result == expected_values

Some files were not shown because too many files have changed in this diff Show More