helm - new module to perform helm pull (#410)

helm - new module to perform helm pull Depends-On: ansible/ansible-zuul-jobs#1586 SUMMARY #355 new module to manage chart downloading helm pull ISSUE TYPE Feature Pull Request COMPONENT NAME helm_pull Reviewed-by: Mike Graves <mgraves@redhat.com> Reviewed-by: Bikouo Aubin <None>
ansible-collections · Oct 12, 2022 · 2092d92 · 2092d92
1 parent 29c75fa
commit 2092d92
Show file tree

Hide file tree

Showing 5 changed files with 553 additions and 5 deletions.
diff --git a/plugins/module_utils/helm.py b/plugins/module_utils/helm.py
@@ -161,10 +161,12 @@ def get_helm_version(module, helm_bin):
 
     helm_version_command = helm_bin + " version"
     rc, out, err = module.run_command(helm_version_command)
-    if rc == 0:
-        m = re.match(r'version.BuildInfo{Version:"v([0-9\.]*)",', out)
-        if m:
-            return m.group(1)
+    m = re.match(r'version.BuildInfo{Version:"v([0-9\.]*)",', out)
+    if m:
+        return m.group(1)
+    m = re.match(r'Client: &version.Version{SemVer:"v([0-9\.]*)", ', out)
+    if m:
+        return m.group(1)
     return None
 
 

diff --git a/plugins/modules/helm_pull.py b/plugins/modules/helm_pull.py
@@ -0,0 +1,310 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2022, Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = r"""
+---
+module: helm_pull
+short_description: download a chart from a repository and (optionally) unpack it in local directory.
+version_added: "2.4.0"
+author:
+  - Aubin Bikouo (@abikouo)
+description:
+  - Retrieve a package from a package repository, and download it locally.
+  - It can also be used to perform cryptographic verification of a chart without installing the chart.
+  - There are options for unpacking the chart after download.
+
+requirements:
+  - "helm >= 3.0 (https://github.com/helm/helm/releases)"
+
+options:
+  chart_ref:
+    description:
+      - chart name on chart repository.
+      - absolute URL.
+    required: true
+    type: str
+  chart_version:
+    description:
+      - Specify a version constraint for the chart version to use.
+      - This constraint can be a specific tag (e.g. 1.1.1) or it may reference a valid range (e.g. ^2.0.0).
+      - Mutually exclusive with C(chart_devel).
+    type: str
+  verify_chart:
+    description:
+      - Verify the package before using it.
+    default: False
+    type: bool
+  verify_chart_keyring:
+    description:
+      - location of public keys used for verification.
+    type: path
+  provenance:
+    description:
+      - Fetch the provenance file, but don't perform verification.
+    type: bool
+    default: False
+  repo_url:
+    description:
+      - chart repository url where to locate the requested chart.
+    type: str
+    aliases: [ url, chart_repo_url ]
+  repo_username:
+    description:
+      - Chart repository username where to locate the requested chart.
+      - Required if C(repo_password) is specified.
+    type: str
+    aliases: [ username, chart_repo_username ]
+  repo_password:
+    description:
+      - Chart repository password where to locate the requested chart.
+      - Required if C(repo_username) is specified.
+    type: str
+    aliases: [ password, chart_repo_password ]
+  pass_credentials:
+    description:
+      - Pass credentials to all domains.
+    default: False
+    type: bool
+  skip_tls_certs_check:
+    description:
+    - Whether or not to check tls certificate for the chart download.
+    - Requires helm >= 3.3.0.
+    type: bool
+    default: False
+  chart_devel:
+    description:
+    - Use development versions, too. Equivalent to version '>0.0.0-0'.
+    - Mutually exclusive with C(chart_version).
+    type: bool
+  untar_chart:
+    description:
+    - if set to true, will untar the chart after downloading it.
+    type: bool
+    default: False
+  destination:
+    description:
+    - location to write the chart.
+    type: path
+    required: True
+  chart_ca_cert:
+    description:
+    - Verify certificates of HTTPS-enabled servers using this CA bundle.
+    - Requires helm >= 3.1.0.
+    type: path
+  chart_ssl_cert_file:
+    description:
+    - Identify HTTPS client using this SSL certificate file.
+    - Requires helm >= 3.1.0.
+    type: path
+  chart_ssl_key_file:
+    description:
+    - Identify HTTPS client using this SSL key file
+    - Requires helm >= 3.1.0.
+    type: path
+  binary_path:
+    description:
+      - The path of a helm binary to use.
+    required: false
+    type: path
+"""
+
+EXAMPLES = r"""
+- name: Download chart using chart url
+  kubernetes.core.helm_pull:
+    chart_ref: https://github.com/grafana/helm-charts/releases/download/grafana-5.6.0/grafana-5.6.0.tgz
+    destination: /path/to/chart
+
+- name: Download Chart using chart_name and repo_url
+  kubernetes.core.helm_pull:
+    chart_ref: redis
+    repo_url: https://charts.bitnami.com/bitnami
+    untar_chart: yes
+    destination: /path/to/chart
+
+- name: Download Chart (skip tls certificate check)
+  kubernetes.core.helm_pull:
+    chart_ref: redis
+    repo_url: https://charts.bitnami.com/bitnami
+    untar_chart: yes
+    destination: /path/to/chart
+    skip_tls_certs_check: yes
+
+- name: Download Chart using chart registry credentials
+  kubernetes.core.helm_pull:
+    chart_ref: redis
+    repo_url: https://charts.bitnami.com/bitnami
+    untar_chart: yes
+    destination: /path/to/chart
+    username: myuser
+    password: mypassword123
+"""
+
+RETURN = r"""
+stdout:
+  type: str
+  description: Full `helm pull` command stdout, in case you want to display it or examine the event log
+  returned: always
+  sample: ''
+stderr:
+  type: str
+  description: Full `helm pull` command stderr, in case you want to display it or examine the event log
+  returned: always
+  sample: ''
+command:
+  type: str
+  description: Full `helm pull` command built by this module, in case you want to re-run the command outside the module or debug a problem.
+  returned: always
+  sample: helm pull --repo test ...
+rc:
+  type: int
+  description: Helm pull command return code
+  returned: always
+  sample: 1
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.kubernetes.core.plugins.module_utils.helm import (
+    run_helm,
+    get_helm_version,
+)
+from ansible_collections.kubernetes.core.plugins.module_utils.version import (
+    LooseVersion,
+)
+
+
+def main():
+    argspec = dict(
+        chart_ref=dict(type="str", required=True),
+        chart_version=dict(type="str"),
+        verify_chart=dict(type="bool", default=False),
+        verify_chart_keyring=dict(type="path"),
+        provenance=dict(type="bool", default=False),
+        repo_url=dict(type="str", aliases=["url", "chart_repo_url"]),
+        repo_username=dict(type="str", aliases=["username", "chart_repo_username"]),
+        repo_password=dict(
+            type="str", no_log=True, aliases=["password", "chart_repo_password"]
+        ),
+        pass_credentials=dict(type="bool", default=False),
+        skip_tls_certs_check=dict(type="bool", default=False),
+        chart_devel=dict(type="bool"),
+        untar_chart=dict(type="bool", default=False),
+        destination=dict(type="path", required=True),
+        chart_ca_cert=dict(type="path"),
+        chart_ssl_cert_file=dict(type="path"),
+        chart_ssl_key_file=dict(type="path"),
+        binary_path=dict(type="path"),
+    )
+    module = AnsibleModule(
+        argument_spec=argspec,
+        supports_check_mode=True,
+        required_by=dict(
+            repo_username=("repo_password"),
+            repo_password=("repo_username"),
+        ),
+        mutually_exclusive=[("chart_version", "chart_devel")],
+    )
+
+    bin_path = module.params.get("binary_path")
+    if bin_path is not None:
+        helm_cmd_common = bin_path
+    else:
+        helm_cmd_common = "helm"
+
+    helm_cmd_common = module.get_bin_path(helm_cmd_common, required=True)
+
+    helm_version = get_helm_version(module, helm_cmd_common)
+    if LooseVersion(helm_version) < LooseVersion("3.0.0"):
+        module.fail_json(
+            msg="This module requires helm >= 3.0.0, current version is {0}".format(
+                helm_version
+            )
+        )
+
+    helm_pull_opt_versionning = dict(
+        skip_tls_certs_check="3.3.0",
+        chart_ca_cert="3.1.0",
+        chart_ssl_cert_file="3.1.0",
+        chart_ssl_key_file="3.1.0",
+    )
+
+    def test_version_requirement(opt):
+        req_version = helm_pull_opt_versionning.get(opt)
+        if req_version and LooseVersion(helm_version) < LooseVersion(req_version):
+            module.fail_json(
+                msg="Parameter {0} requires helm >= {1}, current version is {2}".format(
+                    opt, req_version, helm_version
+                )
+            )
+
+    # Set `helm pull` arguments requiring values
+    helm_pull_opts = []
+
+    helm_value_args = dict(
+        chart_version="version",
+        verify_chart_keyring="keyring",
+        repo_url="repo",
+        repo_username="username",
+        repo_password="password",
+        destination="destination",
+        chart_ca_cert="ca-file",
+        chart_ssl_cert_file="cert-file",
+        chart_ssl_key_file="key-file",
+    )
+
+    for opt, cmdkey in helm_value_args.items():
+        if module.params.get(opt):
+            test_version_requirement(opt)
+            helm_pull_opts.append("--{0} {1}".format(cmdkey, module.params.get(opt)))
+
+    # Set `helm pull` arguments flags
+    helm_flag_args = dict(
+        verify_chart=dict(key="verify"),
+        provenance=dict(key="prov"),
+        pass_credentials=dict(key="pass-credentials"),
+        skip_tls_certs_check=dict(key="insecure-skip-tls-verify"),
+        chart_devel=dict(key="devel"),
+        untar_chart=dict(key="untar"),
+    )
+
+    for k, v in helm_flag_args.items():
+        if module.params.get(k):
+            test_version_requirement(k)
+            helm_pull_opts.append("--{0}".format(v["key"]))
+
+    helm_cmd_common = "{0} pull {1} {2}".format(
+        helm_cmd_common, module.params.get("chart_ref"), " ".join(helm_pull_opts)
+    )
+    if not module.check_mode:
+        rc, out, err = run_helm(module, helm_cmd_common, fails_on_error=False)
+    else:
+        rc, out, err = (0, "", "")
+
+    if rc == 0:
+        module.exit_json(
+            failed=False,
+            changed=True,
+            command=helm_cmd_common,
+            stdout=out,
+            stderr=err,
+            rc=rc,
+        )
+    else:
+        module.fail_json(
+            msg="Failure when executing Helm command.",
+            command=helm_cmd_common,
+            changed=False,
+            stdout=out,
+            stderr=err,
+            rc=rc,
+        )
+
+
+if __name__ == "__main__":
+    main()
diff --git a/tests/integration/targets/helm/aliases b/tests/integration/targets/helm/aliases
@@ -1,8 +1,9 @@
 # slow - 11min
 slow
-time=313
+time=334
 helm_info
 helm_plugin
 helm_plugin_info
 helm_repository
 helm_template
+helm_pull
diff --git a/tests/integration/targets/helm/tasks/run_test.yml b/tests/integration/targets/helm/tasks/run_test.yml
@@ -46,6 +46,9 @@
 - name: Test in-memory kubeconfig
   include_tasks: tests_in_memory_kubeconfig.yml
 
+- name: Test helm pull
+  include_tasks: tests_helm_pull.yml
+
 - name: Clean helm install
   file:
     path: "{{ item }}"