Fix podman image permissions issue and runlable test (#853)

Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
2026-02-04 07:11:49 +00:00 · 2024-09-26 09:50:54 +03:00 · 2024-09-26 09:50:54 +03:00 · 4f8ab01fbb
commit 4f8ab01fbb
parent 36c146a633
2 changed files with 57 additions and 43 deletions
--- a/plugins/modules/podman_image.py
+++ b/plugins/modules/podman_image.py
@ -527,7 +527,7 @@ class PodmanImageManager(object):
        elif self.path and not build_file_arg:
            container_filename = self._find_containerfile_from_context()

-        if not containerfile_contents:
+        if not containerfile_contents and os.access(container_filename, os.R_OK):
            with open(container_filename) as f:
                containerfile_contents = f.read()

@ -538,6 +538,8 @@ class PodmanImageManager(object):
        When given the contents of a Containerfile/Dockerfile,
        return a sha256 hash of these contents.
        """
+        if not containerfile_contents:
+            return None
        return hashlib.sha256(
            containerfile_contents.encode(),
            usedforsecurity=False
@ -551,7 +553,7 @@ class PodmanImageManager(object):
        If we don't have this, return an empty string.
        """

-        args_containerfile_hash = ""
+        args_containerfile_hash = None

        context_has_containerfile = self.path and self._find_containerfile_from_context()

@ -581,11 +583,9 @@ class PodmanImageManager(object):
        else:
            digest_before = None

-        both_hashes_exist_and_differ = (
-            args_containerfile_hash != "" and
-            existing_image_containerfile_hash != "" and
-            args_containerfile_hash != existing_image_containerfile_hash
-        )
+        both_hashes_exist_and_differ = (args_containerfile_hash and existing_image_containerfile_hash and
+                                        args_containerfile_hash != existing_image_containerfile_hash
+                                        )

        if not image or self.force or both_hashes_exist_and_differ:
            if self.state == 'build' or self.path:
--- a/tests/integration/targets/podman_runlabel/tasks/main.yml
+++ b/tests/integration/targets/podman_runlabel/tasks/main.yml
@ -4,45 +4,59 @@
    path: /tmp/usr_img
    state: directory

- name: Copy Dockerfile to container build directory
-  copy:
-    src: "{{ item }}"
-    dest: "/tmp/usr_img/{{ item }}"
-    mode: 755
-  loop:
-    - Dockerfile
-    - testinstall.sh
+- block:

- name: Build test docker image for regular user
-  containers.podman.podman_image:
-    executable: "{{ test_executable | default('podman') }}"
-    name: "{{ runlabel_image }}"
-    path: /tmp/usr_img
-    build:
-      format: docker
-      extra_args: --cgroup-manager=cgroupfs
+    - name: Copy Dockerfile to container build directory
+      copy:
+        src: "{{ item }}"
+        dest: "/tmp/usr_img/{{ item }}"
+        mode: 755
+      loop:
+        - Dockerfile
+        - testinstall.sh

- name: Run container label install
-  containers.podman.podman_runlabel:
-    image: "{{ runlabel_image }}"
-    label: install
-  register: install_runlabel
+    - name: Build test docker image for regular user
+      containers.podman.podman_image:
+        executable: "{{ test_executable | default('podman') }}"
+        name: "{{ runlabel_image }}"
+        path: /tmp/usr_img
+        build:
+          format: docker
+          extra_args: --cgroup-manager=cgroupfs

- name: Run container label run
-  containers.podman.podman_runlabel:
-    image: "{{ runlabel_image }}"
-    label: run
+    - name: Run container label install
+      containers.podman.podman_runlabel:
+        image: "{{ runlabel_image }}"
+        label: install
+      register: install_runlabel

- name: Check file for run exists
-  stat:
-    path: /tmp/testedrunfortests
-  register: testedrunfortests
+    - name: Run container label run
+      containers.podman.podman_runlabel:
+        image: "{{ runlabel_image }}"
+        label: run

- name: Make sure files exist
-  assert:
-    that:
-      - testedrunfortests.stat.exists
+    - name: Check file for run exists
+      stat:
+        path: /tmp/testedrunfortests
+      register: testedrunfortests

- name: Make sure install label exited with 128
-  assert:
-    that: install_runlabel.stdout == 'Installed.'
+    - name: Make sure files exist
+      assert:
+        that:
+          - testedrunfortests.stat.exists
+
+    - name: Make sure install label exited with 128
+      assert:
+        that: install_runlabel.stdout == 'Installed.'
+  always:
+
+    - name: Remove the directory
+      file:
+        path: /tmp/usr_img
+        state: absent
+
+    - name: Remove the image
+      containers.podman.podman_image:
+        executable: "{{ test_executable | default('podman') }}"
+        name: "{{ runlabel_image }}"
+        state: absent