Add quadlet file mode option to specify file permission (#867)

* Add quadlet file mode option Signed-off-by: ghoudmon <guillaume@houdmon.com> * Fix file mode only change test Signed-off-by: ghoudmon <guillaume@houdmon.com> --------- Signed-off-by: ghoudmon <guillaume@houdmon.com>
2026-04-25 18:42:40 +00:00 · 2024-10-22 14:20:26 +02:00 · 2024-10-22 14:20:26 +02:00 · 2deadf069a
commit 2deadf069a
parent 84cff745f9
15 changed files with 193 additions and 6 deletions
--- a/plugins/module_utils/podman/podman_container_lib.py
+++ b/plugins/module_utils/podman/podman_container_lib.py
@ -148,6 +148,7 @@ ARGUMENTS_SPEC_CONTAINER = dict(
    pull=dict(type='str', choices=['always', 'missing', 'never', 'newer']),
    quadlet_dir=dict(type='path'),
    quadlet_filename=dict(type='str'),
+    quadlet_file_mode=dict(type='raw'),
    quadlet_options=dict(type='list', elements='str'),
    rdt_class=dict(type='str'),
    read_only=dict(type='bool'),
--- a/plugins/module_utils/podman/podman_pod_lib.py
+++ b/plugins/module_utils/podman/podman_pod_lib.py
@ -71,6 +71,7 @@ ARGUMENTS_SPEC_POD = dict(
                 elements='str', aliases=['ports']),
    quadlet_dir=dict(type='path'),
    quadlet_filename=dict(type='str'),
+    quadlet_file_mode=dict(type='raw', required=False),
    quadlet_options=dict(type='list', elements='str'),
    restart_policy=dict(type='str', required=False),
    security_opt=dict(type='list', elements='str', required=False),
--- a/plugins/module_utils/podman/quadlet.py
+++ b/plugins/module_utils/podman/quadlet.py
@ -706,6 +706,11 @@ def create_quadlet_state(module, issuer):
    # Check if the directory exists and is writable
    if not module.check_mode:
        check_quadlet_directory(module, quadlet_dir)
+    # Specify file permissions
+    mode = module.params.get('quadlet_file_mode', None)
+    if mode is None and not os.path.exists(quadlet_file_path):
+        # default mode for new quadlet file only
+        mode = '0640'
    # Check if file already exists and if it's different
    quadlet = class_map[issuer](module.params)
    quadlet_content = quadlet.create_quadlet_content()
@ -713,6 +718,8 @@ def create_quadlet_state(module, issuer):
    if bool(file_diff):
        if not module.check_mode:
            quadlet.write_to_file(quadlet_file_path)
+            if mode is not None:
+                module.set_mode_if_different(quadlet_file_path, mode, False)
        results_update = {
            'changed': True,
            "diff": {
@ -720,7 +727,15 @@ def create_quadlet_state(module, issuer):
                "after": "\n".join(file_diff[1]) if isinstance(file_diff[1], list) else file_diff[1] + "\n",
            }}
    else:
-        results_update = {}
+        # adjust file permissions
+        diff = {}
+        if mode is not None and module.set_mode_if_different(quadlet_file_path, mode, False, diff):
+            results_update = {
+                'changed': True,
+                'diff': diff
+            }
+        else:
+            results_update = {}
    return results_update

 # Check with following command: