From b2c36a89300f157ae9f5d047ad489b2adaa9a9f0 Mon Sep 17 00:00:00 2001
From: Sergey <sshnaidm@users.noreply.github.com>
Date: Sun, 21 Jun 2020 21:45:50 +0300
Subject: [PATCH] Add idempotency for ulimits and tests (#62)

---
 plugins/modules/podman_container.py           | 27 ++++++-
 .../tasks/main.yml                            |  6 ++
 .../tasks/root-podman.yml                     | 77 +++++++++++++++++++
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml

diff --git a/plugins/modules/podman_container.py b/plugins/modules/podman_container.py
index 08838b4..ab8efc1 100644
--- a/plugins/modules/podman_container.py
+++ b/plugins/modules/podman_container.py
@@ -1306,7 +1306,6 @@ class PodmanContainerDiff:
         self.non_idempotent = {
             'env_file',  # We can't get env vars from file to check
             'env_host',
-            "ulimit",  # Defaults depend on user and platform, impossible to guess
         }
 
     def defaultize(self):
@@ -1704,6 +1703,32 @@ class PodmanContainerDiff:
         after = self.params['user']
         return self._diff_update_and_compare('user', before, after)
 
+    def diffparam_ulimit(self):
+        after = self.params['ulimit'] or []
+        # In case of latest podman
+        if 'createcommand' in self.info['config']:
+            ulimits = []
+            for k, c in enumerate(self.info['config']['createcommand']):
+                if c == '--ulimit':
+                    ulimits.append(self.info['config']['createcommand'][k + 1])
+            before = ulimits
+            before, after = sorted(before), sorted(after)
+            return self._diff_update_and_compare('ulimit', before, after)
+        if after:
+            ulimits = self.info['hostconfig']['ulimits']
+            before = {
+                u['name'].replace('rlimit_', ''): "%s:%s" % (u['soft'], u['hard']) for u in ulimits}
+            after = {i.split('=')[0]: i.split('=')[1] for i in self.params['ulimit']}
+            new_before = []
+            new_after = []
+            for u in list(after.keys()):
+                # We don't support unlimited ulimits because it depends on platform
+                if u in before and "-1" not in after[u]:
+                    new_before.append([u, before[u]])
+                    new_after.append([u, after[u]])
+            return self._diff_update_and_compare('ulimit', new_before, new_after)
+        return self._diff_update_and_compare('ulimit', '', '')
+
     def diffparam_uts(self):
         before = self.info['hostconfig']['utsmode']
         after = self.params['uts']
diff --git a/tests/integration/targets/podman_container_idempotency/tasks/main.yml b/tests/integration/targets/podman_container_idempotency/tasks/main.yml
index ef12bca..8a59be8 100644
--- a/tests/integration/targets/podman_container_idempotency/tasks/main.yml
+++ b/tests/integration/targets/podman_container_idempotency/tasks/main.yml
@@ -19,3 +19,9 @@
 
 - name: Test idempotency of volumes
   include_tasks: idem_volumes.yml
+
+- name: Test idempotency for root containers
+  include_tasks: root-podman.yml
+  args:
+    apply:
+      become: true
diff --git a/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml b/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml
new file mode 100644
index 0000000..d49dbea
--- /dev/null
+++ b/tests/integration/targets/podman_container_idempotency/tasks/root-podman.yml
@@ -0,0 +1,77 @@
+---
+# Ulimits testing
+- name: Make sure container doesn't exist
+  containers.podman.podman_container:
+    name: root-idempotency
+    state: absent
+
+- name: Run container as is
+  containers.podman.podman_container:
+    image: "{{ idem_image }}"
+    name: root-idempotency
+    state: present
+    command: 1h
+
+- name: Run containers with ulimits
+  containers.podman.podman_container:
+    image: "{{ idem_image }}"
+    name: root-idempotency
+    state: present
+    command: 1h
+    ulimit:
+      - 'nofile=55535:55535'
+      - 'memlock=-1:-1'
+  register: info
+
+- name: Check that it is recreated
+  assert:
+    that:
+      - info is changed
+
+- name: Run containers with ulimits - idempotency
+  containers.podman.podman_container:
+    image: "{{ idem_image }}"
+    name: root-idempotency
+    state: present
+    command: 1h
+    ulimit:
+      - 'nofile=55535:55535'
+      - 'memlock=-1:-1'
+  register: info1
+
+- name: Check that it is recreated
+  assert:
+    that:
+      - info1 is not changed
+
+- name: Run containers with changed ulimits
+  containers.podman.podman_container:
+    image: "{{ idem_image }}"
+    name: root-idempotency
+    state: present
+    command: 1h
+    ulimit:
+      - 'nofile=55535:65535'
+      - 'memlock=-1:-1'
+  register: info2
+
+- name: Check that it is recreated
+  assert:
+    that:
+      - info2 is changed
+
+- name: Run containers with changed ulimits - idempotency
+  containers.podman.podman_container:
+    image: "{{ idem_image }}"
+    name: root-idempotency
+    state: present
+    command: 1h
+    ulimit:
+      - 'nofile=55535:65535'
+      - 'memlock=-1:-1'
+  register: info3
+
+- name: Check that it is recreated
+  assert:
+    that:
+      - info3 is not changed