From ec87c5b51e28bfa9c855e92528e7b609acff22e6 Mon Sep 17 00:00:00 2001
From: Yuriy Novostavskiy <yuriy@novostavskiy.kiev.ua>
Date: Wed, 20 Nov 2024 00:27:42 +0000
Subject: [PATCH] Initial integration tests

---
 .../helm_registry_auth/defaults/main.yaml     |   9 +
 .../files/registry.password                   |   1 +
 .../targets/helm_registry_auth/meta/main.yml  |   3 +
 .../targets/helm_registry_auth/playbook.yaml  |   7 +
 .../targets/helm_registry_auth/runme.sh       |   5 +
 .../helm_registry_auth/tasks/main.yaml        | 167 ++++++++++++++++++
 6 files changed, 192 insertions(+)
 create mode 100644 tests/integration/targets/helm_registry_auth/defaults/main.yaml
 create mode 100644 tests/integration/targets/helm_registry_auth/files/registry.password
 create mode 100644 tests/integration/targets/helm_registry_auth/meta/main.yml
 create mode 100644 tests/integration/targets/helm_registry_auth/playbook.yaml
 create mode 100755 tests/integration/targets/helm_registry_auth/runme.sh
 create mode 100644 tests/integration/targets/helm_registry_auth/tasks/main.yaml

diff --git a/tests/integration/targets/helm_registry_auth/defaults/main.yaml b/tests/integration/targets/helm_registry_auth/defaults/main.yaml
new file mode 100644
index 0000000000..91684c1792
--- /dev/null
+++ b/tests/integration/targets/helm_registry_auth/defaults/main.yaml
@@ -0,0 +1,9 @@
+---
+# Username and password for the registry
+username: testuser
+password: testpassword
+htpasswd: 'testuser:$apr1$4FUD82Ux$RUwY1cgnLSolC1WgjH5vY0'
+wrong_password: 'WrongPassword'
+registry_name: oci_registry
+registry_port: 5000
+test_chart: https://github.com/grafana/helm-charts/releases/download/k8s-monitoring-1.6.8/k8s-monitoring-1.6.8.tgz
diff --git a/tests/integration/targets/helm_registry_auth/files/registry.password b/tests/integration/targets/helm_registry_auth/files/registry.password
new file mode 100644
index 0000000000..0b76d4d0c3
--- /dev/null
+++ b/tests/integration/targets/helm_registry_auth/files/registry.password
@@ -0,0 +1 @@
+testuser:$2y$05$PmdUjSCJYdRUZlsYy8QGWuJDiwuHtWXa28YrELlN5haeHkZ1seZZG
diff --git a/tests/integration/targets/helm_registry_auth/meta/main.yml b/tests/integration/targets/helm_registry_auth/meta/main.yml
new file mode 100644
index 0000000000..cf4590dee9
--- /dev/null
+++ b/tests/integration/targets/helm_registry_auth/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - install_helm
diff --git a/tests/integration/targets/helm_registry_auth/playbook.yaml b/tests/integration/targets/helm_registry_auth/playbook.yaml
new file mode 100644
index 0000000000..6444271ae6
--- /dev/null
+++ b/tests/integration/targets/helm_registry_auth/playbook.yaml
@@ -0,0 +1,7 @@
+---
+- name: Test helm_registry_auth module
+  hosts: localhost
+  connection: local
+  gather_facts: true
+  roles:
+  - helm_registry_auth
diff --git a/tests/integration/targets/helm_registry_auth/runme.sh b/tests/integration/targets/helm_registry_auth/runme.sh
new file mode 100755
index 0000000000..02ef146038
--- /dev/null
+++ b/tests/integration/targets/helm_registry_auth/runme.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -eux
+export ANSIBLE_CALLBACKS_ENABLED=profile_tasks
+export ANSIBLE_ROLES_PATH=../
+ansible-playbook playbook.yaml "$@"
\ No newline at end of file
diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml
new file mode 100644
index 0000000000..3eac12159d
--- /dev/null
+++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml
@@ -0,0 +1,167 @@
+---
+- name: Run module test
+  block:
+    - name: Ensure that helm is installed
+      ansible.builtin.shell: helm version --client --short | grep v3
+      register: _helm_version
+      failed_when: _helm_version.rc != 0
+    
+    - name: Ensure that Docker demon is running
+      ansible.builtin.command: "docker info"
+      register: _docker_info
+      failed_when: _docker_info.rc != 0
+    
+    - name: Create a tmpfile htpasswd
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: .httppasswd
+      register: _tmpfile
+
+    - name: Copy htpasswd to the tmpfile
+      ansible.builtin.copy:
+        src: registry.password
+        dest: "{{ _tmpfile.path }}/registry.password"
+    
+    - name: Setup the registry
+      ansible.builtin.command: >-
+        docker run -d --rm
+        -p {{ registry_port }}:5000
+        --name "{{ registry_name }}"
+        -v "{{ _tmpfile.path }}:/auth"
+        -e "REGISTRY_AUTH=htpasswd"
+        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
+        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password
+        registry:2
+      register: _setup_registry
+      failed_when: _setup_registry.rc != 0
+
+    - name: Ensure that the registry is running and rechable
+      ansible.builtin.wait_for:
+        host: localhost
+        port: "{{ registry_port }}"
+
+    - name: Test the registry with correct credentials
+      ansible.builtin.shell: >-
+        echo {{ password | quote }} | helm registry login localhost:{{ registry_port }}
+        -u {{ username }} --password-stdin
+      register: _login_correct
+      failed_when: _login_correct.rc != 0
+    
+    # - name: Clean up credentials
+    #   ansible.builtin.shell: >-
+    #     helm registry logout localhost:{{ registry_port }}
+    #   register: _logout
+    #   failed_when: _logout.rc != 0
+
+    - name: Create directory for helm chart
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: ".helm"
+      register: _destination 
+
+    - name: Pull test helm chart
+      # ansible.builtin.command: helm chart pull "{{ test_chart }}" -d "{{ _destination.path }}"
+      # register: _result
+      # failed_when: _result.failed
+      ansible.builtin.uri:
+        url: "{{ test_chart }}"
+        dest: "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"
+        return_content: no
+        status_code: 200
+
+    # - name: Test module helm_registry_auth with correct credentials
+    #   helm_registry_auth:
+    #     username: "{{ username }}"
+    #     password: "{{ password }}"
+    #     registry: localhost:{{ registry_port }}
+    #     state: present
+    #   register: _helm_registry_auth_correct
+    #   failed_when: _helm_registry_auth_correct.failed
+    - name: Test the registry with correct credentials (to be removed)
+      ansible.builtin.shell: >-
+        echo {{ password | quote }} | helm registry login localhost:{{ registry_port }}
+        -u {{ username }} --password-stdin
+      register: _helm_registry_auth_correct
+
+    - name: Assert that the registry is logged in
+      # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464
+      assert:
+        that: "'Login Succeeded' in _helm_registry_auth_correct.stderr"
+    
+    - name: Ensure that push to the registry is working
+      ansible.builtin.shell: >-
+        helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"  oci://localhost:{{ registry_port }}/test/
+      register: _save_chart
+      failed_when: _save_chart.rc != 0
+    
+    - name: Assert that the chart is saved
+      # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464
+      assert:
+        that: "'Pushed: localhost:{{ registry_port }}/test/k8s-monitoring' in _save_chart.stderr"
+  
+   
+    # - name: Test logout
+    #   helm_registry_auth:
+    #     registry: localhost:{{ registry_port }}
+    #     state: absent
+    #   register: _helm_registry_auth_logout
+    #   failed_when: _helm_registry_auth_logout.failed
+    - name: Test logout (to be removed)
+      ansible.builtin.shell: helm registry logout localhost:{{ registry_port }}
+      register: _helm_registry_auth_logout
+
+    - name: Assert logout
+      # Helm binary prints the message to stderr
+      assert:
+        that: "'Removing login credentials' in _helm_registry_auth_logout.stderr"
+
+    - name: Ensure that not able to push to the registry
+      ansible.builtin.shell: >-
+        helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz"  oci://localhost:{{ registry_port }}/test/
+      register: _save_chart
+      failed_when: _save_chart.rc == 0
+    
+    - name: Assert that the chart is not saved
+      # Helm binary prints the message to stderr
+      ansible.builtin.assert:
+        that:
+          - "'push access denied' in _save_chart.stderr"
+          - "'authorization failed' in _save_chart.stderr"
+          - "_save_chart.rc != 0"
+
+    # - name: Test module helm_registry_auth with wrong credentials
+    #   helm_registry_auth:
+    #     username: "{{ username }}"
+    #     password: "{{ wrong_password }}"
+    #     registry: localhost:{{ registry_port }}
+    #     state: present
+    #   register: _helm_registry_auth_wrong
+    #   failed_when: _helm_registry_auth_wrong.rc == 0
+    - name: Test module helm_registry_auth with wrong credentials (to be removed)
+      ansible.builtin.shell: >-
+        echo {{ wrong_password | quote }} | helm registry login localhost:{{ registry_port }}
+        -u {{ username }} --password-stdin
+      register: _helm_registry_auth_wrong
+      failed_when: _helm_registry_auth_wrong.rc == 0
+
+    - name: Assert that the registry is not logged in
+      ansible.builtin.assert:
+        that: 
+          - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr"
+          - "_helm_registry_auth_wrong.rc != 0"
+
+  # Clean up
+  always:
+    - name: Stop and remove the registry
+      ansible.builtin.command: docker stop {{ registry_name }}
+      ignore_errors: true
+    
+    - name: Remove the tmpfile
+      ansible.builtin.file:
+        state: absent
+        path: "{{ item }}"
+        force: true
+      loop:
+        - "{{ _tmpfile.path }}"
+        - "{{ _destination.path }}"
+      ignore_errors: true