ansible/ansible-podman-collections
1
0
Fork 0
mirror of https://github.com/containers/ansible-podman-collections.git synced 2026-02-04 07:11:49 +00:00
Code Activity

Add quadlet file mode option to specify file permission (#867)

Browse source 
* Add quadlet file mode option

Signed-off-by: ghoudmon <guillaume@houdmon.com>

* Fix file mode only change test

Signed-off-by: ghoudmon <guillaume@houdmon.com>

---------

Signed-off-by: ghoudmon <guillaume@houdmon.com>
This commit is contained in:
Guillaume HOUDMON 2024-10-22 14:20:26 +02:00 committed by GitHub
parent 84cff745f9
commit 2deadf069a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 193 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
plugins/module_utils/podman/podman_container_lib.py
View file

@ -148,6 +148,7 @@ ARGUMENTS_SPEC_CONTAINER = dict(
pull=dict(type='str', choices=['always', 'missing', 'never', 'newer']),
quadlet_dir=dict(type='path'),
quadlet_filename=dict(type='str'),
quadlet_file_mode=dict(type='raw'),
quadlet_options=dict(type='list', elements='str'),
rdt_class=dict(type='str'),
read_only=dict(type='bool'),

1
plugins/module_utils/podman/podman_pod_lib.py
View file

@ -71,6 +71,7 @@ ARGUMENTS_SPEC_POD = dict(
elements='str', aliases=['ports']),
quadlet_dir=dict(type='path'),
quadlet_filename=dict(type='str'),
quadlet_file_mode=dict(type='raw', required=False),
quadlet_options=dict(type='list', elements='str'),
restart_policy=dict(type='str', required=False),
security_opt=dict(type='list', elements='str', required=False),

17
plugins/module_utils/podman/quadlet.py
View file

@ -706,6 +706,11 @@ def create_quadlet_state(module, issuer):
# Check if the directory exists and is writable
if not module.check_mode:
check_quadlet_directory(module, quadlet_dir)
# Specify file permissions
mode = module.params.get('quadlet_file_mode', None)
if mode is None and not os.path.exists(quadlet_file_path):
# default mode for new quadlet file only
mode = '0640'
# Check if file already exists and if it's different
quadlet = class_map[issuer](module.params)
quadlet_content = quadlet.create_quadlet_content()
@ -713,6 +718,8 @@ def create_quadlet_state(module, issuer):
if bool(file_diff):
if not module.check_mode:
quadlet.write_to_file(quadlet_file_path)
if mode is not None:
module.set_mode_if_different(quadlet_file_path, mode, False)
results_update = {
'changed': True,
"diff": {
@ -720,7 +727,15 @@ def create_quadlet_state(module, issuer):
"after": "\n".join(file_diff[1]) if isinstance(file_diff[1], list) else file_diff[1] + "\n",
}}
else:
results_update = {}
# adjust file permissions
diff = {}
if mode is not None and module.set_mode_if_different(quadlet_file_path, mode, False, diff):
results_update = {
'changed': True,
'diff': diff
}
else:
results_update = {}
return results_update
# Check with following command:

15
plugins/modules/podman_container.py
View file

@ -876,6 +876,20 @@ options:
description:
- Name of quadlet file to write. By default it takes C(name) value.
type: str
quadlet_file_mode:
description:
- The permissions of the quadlet file.
- The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following one of these
rules will end up with a decimal number which will have unexpected results.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
when setting the mode for the newly created file.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
- Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
type: raw
required: false
quadlet_options:
description:
- Options for the quadlet file. Provide missing in usual container args
@ -1214,6 +1228,7 @@ EXAMPLES = r"""
image: nginx
state: quadlet
quadlet_filename: custome-container
quadlet_file_mode: '0640'
device: "/dev/sda:/dev/xvda:rwm"
ports:
- "8080:80"

16
plugins/modules/podman_image.py
View file

@ -204,6 +204,20 @@ DOCUMENTATION = r'''
description:
- Name of quadlet file to write. By default it takes image name without prefixes and tags.
type: str
quadlet_file_mode:
description:
- The permissions of the quadlet file.
- The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following one of these
rules will end up with a decimal number which will have unexpected results.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
when setting the mode for the newly created file.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
- Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
type: raw
required: false
quadlet_options:
description:
- Options for the quadlet file. Provide missing in usual network args
@ -332,6 +346,7 @@ EXAMPLES = r"""
state: quadlet
quadlet_dir: /etc/containers/systemd
quadlet_filename: alpine-latest
quadlet_file_mode: '0640'
quadlet_options:
- Variant=arm/v7
- |
@ -961,6 +976,7 @@ def main():
ca_cert_dir=dict(type='path'),
quadlet_dir=dict(type='path', required=False),
quadlet_filename=dict(type='str'),
quadlet_file_mode=dict(type='raw', required=False),
quadlet_options=dict(type='list', elements='str', required=False),
build=dict(
type='dict',

15
plugins/modules/podman_network.py
View file

@ -219,6 +219,20 @@ options:
description:
- Name of quadlet file to write. By default it takes I(name) value.
type: str
quadlet_file_mode:
description:
- The permissions of the quadlet file.
- The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following one of these
rules will end up with a decimal number which will have unexpected results.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
when setting the mode for the newly created file.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
- Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
type: raw
required: false
quadlet_options:
description:
- Options for the quadlet file. Provide missing in usual network args
@ -859,6 +873,7 @@ def main():
route=dict(type='list', elements='str', required=False),
quadlet_dir=dict(type='path', required=False),
quadlet_filename=dict(type='str', required=False),
quadlet_file_mode=dict(type='raw', required=False),
quadlet_options=dict(type='list', elements='str', required=False),
net_config=dict(type='list', required=False, elements='dict',
options=dict(

16
plugins/modules/podman_play.py
View file

@ -171,6 +171,20 @@ options:
description:
- Name of quadlet file to write. Must be specified if state is quadlet.
type: str
quadlet_file_mode:
description:
- The permissions of the quadlet file.
- The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following one of these
rules will end up with a decimal number which will have unexpected results.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
when setting the mode for the newly created file.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
- Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
type: raw
required: false
quadlet_options:
description:
- Options for the quadlet file. Provide missing in usual network args
@ -208,6 +222,7 @@ EXAMPLES = '''
greet_to: world
userns: host
quadlet_filename: kube-pod
quadlet_file_mode: '0640'
quadlet_options:
- "SetWorkingDirectory=yaml"
- "ExitCodePropagation=any"
@ -413,6 +428,7 @@ def main():
choices=["debug", "info", "warn", "error", "fatal", "panic"]),
quadlet_dir=dict(type='path', required=False),
quadlet_filename=dict(type='str', required=False),
quadlet_file_mode=dict(type='raw', required=False),
quadlet_options=dict(type='list', elements='str', required=False),
),
supports_check_mode=True,

14
plugins/modules/podman_pod.py
View file

@ -371,6 +371,20 @@ options:
description:
- Name of quadlet file to write. By default it takes I(name) value.
type: str
quadlet_file_mode:
description:
- The permissions of the quadlet file.
- The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following one of these
rules will end up with a decimal number which will have unexpected results.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default C(umask) on the system will be used
when setting the mode for the newly created file.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
- Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
type: raw
required: false
quadlet_options:
description:
- Options for the quadlet file. Provide missing in usual container args

16
plugins/modules/podman_volume.py
View file

@ -76,6 +76,20 @@ options:
description:
- Name of quadlet file to write. By default it takes I(name) value.
type: str
quadlet_file_mode:
description:
- The permissions of the quadlet file.
- The O(quadlet_file_mode) can be specied as octal numbers or as a symbolic mode (for example, V(u+rwx) or V(u=rw,g=r,o=r)).
For octal numbers format, you must either add a leading zero so that Ansible's YAML parser knows it is an
octal number (like V(0644) or V(01777)) or quote it (like V('644') or V('1777')) so Ansible receives a string
and can do its own conversion from string into number. Giving Ansible a number without following one of these
rules will end up with a decimal number which will have unexpected results.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does not) exist, the default V('0640') mask will be used
when setting the mode for the newly created file.
- If O(quadlet_file_mode) is not specified and the quadlet file B(does) exist, the mode of the existing file will be used.
- Specifying O(quadlet_file_mode) is the best way to ensure files are created with the correct permissions.
type: raw
required: false
quadlet_options:
description:
- Options for the quadlet file. Provide missing in usual network args
@ -127,6 +141,7 @@ EXAMPLES = '''
state: quadlet
name: quadlet_volume
quadlet_filename: custom-name
quadlet_file_mode: '0640'
quadlet_options:
- Group=192
- Copy=true
@ -569,6 +584,7 @@ def main():
debug=dict(type='bool', default=False),
quadlet_dir=dict(type='path', required=False),
quadlet_filename=dict(type='str', required=False),
quadlet_file_mode=dict(type='raw', required=False),
quadlet_options=dict(type='list', elements='str', required=False),
))

63
tests/integration/targets/podman_container/tasks/main.yml
View file

@ -1191,6 +1191,69 @@
that:
- quadlet_file_custom3.stat.exists
- name: Fail if wrong default file mode
assert:
that:
- quadlet_file_custom3.stat.mode == '0640'
- name: Create a Quadlet for container with file mode
containers.podman.podman_container:
executable: "{{ test_executable | default('podman') }}"
name: container-quadlet-mode
image: alpine
state: quadlet
quadlet_file_mode: '0644'
- name: Check file mode
stat:
path: ~/.config/containers/systemd/container-quadlet-mode.container
register: quadlet_file_mode1
- name: Fail if file is present and with correct mode
assert:
that:
- quadlet_file_mode1.stat.exists
- quadlet_file_mode1.stat.mode == '0644'
- name: Create same Quadlet for container without file mode
containers.podman.podman_container:
executable: "{{ test_executable | default('podman') }}"
name: container-quadlet-mode
image: alpine
state: quadlet
register: quad_mode2
- name: Check file mode
stat:
path: ~/.config/containers/systemd/container-quadlet-mode.container
register: quadlet_file_mode2
- name: Check if existing mode is preserve
assert:
that:
- quad_mode2 is not changed
- quadlet_file_mode2.stat.mode == '0644'
- name: Create same Quadlet for container with only file mode changed
containers.podman.podman_container:
executable: "{{ test_executable | default('podman') }}"
name: container-quadlet-mode
image: alpine
state: quadlet
quadlet_file_mode: '0640'
register: quad_mode3
- name: Check file mode
stat:
path: ~/.config/containers/systemd/container-quadlet-mode.container
register: quadlet_file_mode3
- name: Fail if file is present and with correct mode
assert:
that:
- quad_mode3 is changed
- quadlet_file_mode3.stat.mode == '0640'
- name: Create a Quadlet for container
containers.podman.podman_container:
executable: "{{ test_executable | default('podman') }}"

9
tests/integration/targets/podman_image/tasks/main.yml
View file

@ -460,10 +460,11 @@
path: /tmp/customfile.image
register: quadlet_file_custom
- name: Fail if no file is present
- name: Fail if no file is present or wrong mode
assert:
that:
- quadlet_file_custom.stat.exists
- quadlet_file_custom.stat.mode == '0640'
- name: Create quadlet image file
containers.podman.podman_image:
@ -476,6 +477,7 @@
password: pass
validate_certs: false
quadlet_dir: /tmp/
quadlet_file_mode: '0644'
quadlet_options:
- "ImageTag=quay.io/coreos/coreos-installer:12345"
- "AllTags=true"
@ -493,6 +495,11 @@
that:
- quadlet_file.stat.exists
- name: Check quadlet file mode is correct
assert:
that:
- quadlet_file.stat.mode == '0644'
- name: Check for the existence of lines in /tmp/coreos-installer.image
lineinfile:
path: /tmp/coreos-installer.image

4
tests/integration/targets/podman_network/tasks/main.yml
View file

@ -709,16 +709,18 @@
state: quadlet
quadlet_dir: /tmp
quadlet_filename: customfile
quadlet_file_mode: '0644'
- name: Check if files exists
stat:
path: /tmp/customfile.network
register: quadlet_file_custom
- name: Fail if no file is present
- name: Fail if no file is present or wrong mode
assert:
that:
- quadlet_file_custom.stat.exists
- quadlet_file_custom.stat.mode == '0644'
- name: Create quadlet network file
containers.podman.podman_network:

4
tests/integration/targets/podman_play/tasks/main.yml
View file

@ -138,16 +138,18 @@
state: quadlet
quadlet_dir: /tmp
quadlet_filename: customfile
quadlet_file_mode: '0644'
- name: Check if files exists
stat:
path: /tmp/customfile.kube
register: quadlet_file_custom
- name: Fail if no file is present
- name: Fail if no file is present or wrong mode
assert:
that:
- quadlet_file_custom.stat.exists
- quadlet_file_custom.stat.mode == '0644'
- name: Create a kube quadlet without filename
containers.podman.podman_play:

4
tests/integration/targets/podman_pod/tasks/main.yml
View file

@ -989,16 +989,18 @@
network: examplenet
quadlet_dir: /tmp
quadlet_filename: customfile
quadlet_file_mode: '0644'
- name: Check if files exists
stat:
path: /tmp/customfile.pod
register: quadlet_file_custom
- name: Fail if no file is present
- name: Fail if no file is present or wrong mode
assert:
that:
- quadlet_file_custom.stat.exists
- quadlet_file_custom.stat.mode == '0644'
- name: Create a Quadlet pod file
containers.podman.podman_pod:

4
tests/integration/targets/podman_volume/tasks/main.yml
View file

@ -241,16 +241,18 @@
state: quadlet
quadlet_dir: /tmp
quadlet_filename: customfile
quadlet_file_mode: '0644'
- name: Check if files exists
stat:
path: /tmp/customfile.volume
register: quadlet_file_custom
- name: Fail if no file is present
- name: Fail if no file is present or wrong mode
assert:
that:
- quadlet_file_custom.stat.exists
- quadlet_file_custom.stat.mode == '0644'
- name: Create quadlet volume file
containers.podman.podman_volume: