Add quadlet file mode option to specify file permission (#867)

* Add quadlet file mode option Signed-off-by: ghoudmon <guillaume@houdmon.com> * Fix file mode only change test Signed-off-by: ghoudmon <guillaume@houdmon.com> --------- Signed-off-by: ghoudmon <guillaume@houdmon.com>
2026-05-02 05:42:51 +00:00 · 2024-10-22 14:20:26 +02:00 · 2024-10-22 14:20:26 +02:00 · 2deadf069a
commit 2deadf069a
parent 84cff745f9
15 changed files with 193 additions and 6 deletions
--- a/plugins/modules/podman_container.py
+++ b/plugins/modules/podman_container.py
@ -876,6 +876,20 @@ options:
    description:
      - Name of quadlet file to write. By default it takes C(name) value.
    type: str
+  quadlet_file_mode:
+    description:
+      - The permissions of the quadlet file.
+      - The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
+        For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
+        octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
+        and can do its own conversion from string into number. Giving Ansible a number without following one of these
+        rules will end up with a decimal number which will have unexpected results.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
+        when setting the mode for the newly created file.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
+      - Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
+    type: raw
+    required: false
  quadlet_options:
    description:
      - Options for the quadlet file. Provide missing in usual container args
@ -1214,6 +1228,7 @@ EXAMPLES = r"""
    image: nginx
    state: quadlet
    quadlet_filename: custome-container
+    quadlet_file_mode: '0640'
    device: "/dev/sda:/dev/xvda:rwm"
    ports:
      - "8080:80"
--- a/plugins/modules/podman_image.py
+++ b/plugins/modules/podman_image.py
@ -204,6 +204,20 @@ DOCUMENTATION = r'''
      description:
        - Name of quadlet file to write. By default it takes image name without prefixes and tags.
      type: str
+    quadlet_file_mode:
+      description:
+        - The permissions of the quadlet file.
+        - The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
+          For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
+          octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
+          and can do its own conversion from string into number. Giving Ansible a number without following one of these
+          rules will end up with a decimal number which will have unexpected results.
+        - If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
+          when setting the mode for the newly created file.
+        - If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
+        - Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
+      type: raw
+      required: false
    quadlet_options:
      description:
        - Options for the quadlet file. Provide missing in usual network args
@ -332,6 +346,7 @@ EXAMPLES = r"""
    state: quadlet
    quadlet_dir: /etc/containers/systemd
    quadlet_filename: alpine-latest
+    quadlet_file_mode: '0640'
    quadlet_options:
      - Variant=arm/v7
      - |
@ -961,6 +976,7 @@ def main():
            ca_cert_dir=dict(type='path'),
            quadlet_dir=dict(type='path', required=False),
            quadlet_filename=dict(type='str'),
+            quadlet_file_mode=dict(type='raw', required=False),
            quadlet_options=dict(type='list', elements='str', required=False),
            build=dict(
                type='dict',
--- a/plugins/modules/podman_network.py
+++ b/plugins/modules/podman_network.py
@ -219,6 +219,20 @@ options:
    description:
      - Name of quadlet file to write. By default it takes I(name) value.
    type: str
+  quadlet_file_mode:
+    description:
+      - The permissions of the quadlet file.
+      - The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
+        For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
+        octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
+        and can do its own conversion from string into number. Giving Ansible a number without following one of these
+        rules will end up with a decimal number which will have unexpected results.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
+        when setting the mode for the newly created file.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
+      - Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
+    type: raw
+    required: false
  quadlet_options:
    description:
      - Options for the quadlet file. Provide missing in usual network args
@ -859,6 +873,7 @@ def main():
            route=dict(type='list', elements='str', required=False),
            quadlet_dir=dict(type='path', required=False),
            quadlet_filename=dict(type='str', required=False),
+            quadlet_file_mode=dict(type='raw', required=False),
            quadlet_options=dict(type='list', elements='str', required=False),
            net_config=dict(type='list', required=False, elements='dict',
                            options=dict(
--- a/plugins/modules/podman_play.py
+++ b/plugins/modules/podman_play.py
@ -171,6 +171,20 @@ options:
    description:
      - Name of quadlet file to write. Must be specified if state is quadlet.
    type: str
+  quadlet_file_mode:
+    description:
+      - The permissions of the quadlet file.
+      - The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
+        For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
+        octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
+        and can do its own conversion from string into number. Giving Ansible a number without following one of these
+        rules will end up with a decimal number which will have unexpected results.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
+        when setting the mode for the newly created file.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
+      - Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
+    type: raw
+    required: false
  quadlet_options:
    description:
      - Options for the quadlet file. Provide missing in usual network args
@ -208,6 +222,7 @@ EXAMPLES = '''
      greet_to: world
    userns: host
    quadlet_filename: kube-pod
+    quadlet_file_mode: '0640'
    quadlet_options:
      - "SetWorkingDirectory=yaml"
      - "ExitCodePropagation=any"
@ -413,6 +428,7 @@ def main():
                choices=["debug", "info", "warn", "error", "fatal", "panic"]),
            quadlet_dir=dict(type='path', required=False),
            quadlet_filename=dict(type='str', required=False),
+            quadlet_file_mode=dict(type='raw', required=False),
            quadlet_options=dict(type='list', elements='str', required=False),
        ),
        supports_check_mode=True,
--- a/plugins/modules/podman_pod.py
+++ b/plugins/modules/podman_pod.py
@ -371,6 +371,20 @@ options:
    description:
      - Name of quadlet file to write. By default it takes I(name) value.
    type: str
+  quadlet_file_mode:
+    description:
+      - The permissions of the quadlet file.
+      - The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
+        For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
+        octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
+        and can do its own conversion from string into number. Giving Ansible a number without following one of these
+        rules will end up with a decimal number which will have unexpected results.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default C(umask) on the system will be used
+        when setting the mode for the newly created file.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
+      - Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
+    type: raw
+    required: false
  quadlet_options:
    description:
      - Options for the quadlet file. Provide missing in usual container args
--- a/plugins/modules/podman_volume.py
+++ b/plugins/modules/podman_volume.py
@ -76,6 +76,20 @@ options:
    description:
      - Name of quadlet file to write. By default it takes I(name) value.
    type: str
+  quadlet_file_mode:
+    description:
+      - The permissions of the quadlet file.
+      - The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
+        For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
+        octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
+        and can do its own conversion from string into number. Giving Ansible a number without following one of these
+        rules will end up with a decimal number which will have unexpected results.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
+        when setting the mode for the newly created file.
+      - If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
+      - Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
+    type: raw
+    required: false
  quadlet_options:
    description:
      - Options for the quadlet file. Provide missing in usual network args
@ -127,6 +141,7 @@ EXAMPLES = '''
    state: quadlet
    name: quadlet_volume
    quadlet_filename: custom-name
+    quadlet_file_mode: '0640'
    quadlet_options:
      - Group=192
      - Copy=true
@ -569,6 +584,7 @@ def main():
            debug=dict(type='bool', default=False),
            quadlet_dir=dict(type='path', required=False),
            quadlet_filename=dict(type='str', required=False),
+            quadlet_file_mode=dict(type='raw', required=False),
            quadlet_options=dict(type='list', elements='str', required=False),
        ))