* Fix podman_network not idempotent with IPv6 addresses, fix#1041
Normalize IPv6 addresses and subnets before comparing in diff methods
using Python's ipaddress module. Different notations of the same IPv6
address (e.g. "::1" vs "0:1") are now correctly recognized as equal,
preventing unnecessary network recreation.
- Guard _normalize_ip/_normalize_subnet with HAS_IP_ADDRESS_MODULE check
- Normalize user-supplied route strings in diffparam_route
- Keep _lease_range_to_str as @staticmethod
- Catch TypeError in _normalize_ip/_normalize_subnet for None inputs
- Use .get("gateway") with filter in multi-gateway join to avoid KeyError
- Fix implicit string concatenation lint warnings
---------
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* Fix podman_pod skipping in check mode by adding supports_check_mode=True
The module was not declaring supports_check_mode=True in AnsibleModule(),
causing Ansible to automatically skip the task when running with --check.
The module_utils (podman_pod_lib) already guards execution with
`if not self.module.check_mode`, so the logic was in place — only the
declaration was missing.
Signed-off-by: Jérémy Phetphoumy <j.phetphoumy@gmail.com>
* Add integration tests for podman_pod check mode support
Adds a dedicated integration test target to verify that podman_pod
correctly supports check mode:
- Reports changed on a non-existing pod without creating it
- Is idempotent on an existing pod with the same config
- Reports changed on config diff without modifying the actual pod
Signed-off-by: Jérémy Phetphoumy <j.phetphoumy@gmail.com>
---------
Signed-off-by: Jérémy Phetphoumy <j.phetphoumy@gmail.com>
* fix(podman_prune): mark unchanged when reclaiming 0B
* test(podman_prune): add idempotency test for system prune
* test(podman_prune): add executable parameter to idempotency test
* fix(podman_prune): use broader pattern
---------
Signed-off-by: Eric Badendiek <eric.badendiek@gmx.de>
Plain key=value quadlet_options (e.g. AutoUpdate=registry) were placed
after the [Service] section, making them part of [Service] instead of
[Container]. Split quadlet_options into plain options (appended to the
main section) and section blocks (appended after [Service]).
Fix#1017
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
This commit introduces two new modules for managing Podman Quadlets:
- podman_quadlet: Install and remove Podman Quadlet files
* Supports installing single files, directories, and additional config files
* Implements idempotent state management (present/absent)
* Validates parameters and provides meaningful error messages
* Default force=true for removal operations
* Removed deprecated 'ignore' parameter in favor of built-in idempotency
- podman_quadlet_info: Gather information about installed Quadlets
* Lists all installed quadlets or prints specific quadlet content
* Supports filtering by quadlet kinds (container, pod, network, etc.)
* Provides detailed quadlet metadata including status and paths
Key features:
- Shared utilities in module_utils/podman/quadlet.py for code reuse
- Comprehensive integration tests for both modules
- Full idempotency support for all operations
- Proper handling of edge cases (missing files, malformed quadlets, etc.)
- Check mode support for safe dry-run operations
- Extensive documentation and examples
The modules use relative imports for module_utils to support local
development and testing with the containers.podman collection.
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* fix(podman_prune): set top-level changed status
The module was returning changed status inside nested dicts,
but Ansible expects it at the top level of the result.
Before: {"image": {"changed": true, ...}} -> Ansible sees changed=false
After: {"changed": true, "image": {...}} -> Ansible sees changed=true
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
* Update plugins/modules/podman_prune.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
---------
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
Co-authored-by: Igor Belousov <igor-belousov@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Fix incorrect image URL formation when using separate name and tag parameters
where the tag contains a digest. Previously, tags like "8-bookworm@sha256:..."
would incorrectly use "@" as the delimiter between name and tag, resulting in
malformed URLs like "docker.io/valkey/valkey@8-bookworm@sha256:...".
The issue was in ImageRepository.delimiter logic which used substring matching
("sha256" in tag) instead of checking for pure digest format.
Changes:
- Fix delimiter selection in ImageRepository.__init__() to only use "@" for
pure digests starting with "sha256:", not any tag containing "sha256"
- Add comprehensive unit tests covering all delimiter scenarios
- Add integration tests with real digest validation and edge cases
- Ensure proper URL formation: name:tag@digest vs name@digest
Before: docker.io/valkey/valkey@8-bookworm@sha256:abc123 (broken)
After: docker.io/valkey/valkey:8-bookworm@sha256:abc123 (correct)
Fixes#947
Generated with [Claude Code](https://claude.ai/code)
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* podman_container_lib: Added checks for volume opts
Changed the diffparam_volume function to include the volume mount opts.
Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
* Add test for volume mount options
Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
---------
Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
* Fix idempotency for any podman secret driver
All secret drivers are provided with the same interface in podman, so there is no need to hardcode the state as changed for all drivers other than 'file'.
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
* ci: add tests for shell secret driver
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
---------
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
For quadlets you can set sdnotify (which maps to Notify=) to healthy to
use a healthcheck to determine when the container is up.
Signed-off-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
The usedforsecurity keyword argument of the hashlib functions was
introduced in python 3.9. To achieve compatibility with versions below
that, we only use it once it is available.
The usedforsecurity argument forces use of secure hash functions in
specially compiled versions of python. In this case it would force to
upgrade sha256 to a different hash function should sha256 be deemeed
insecure in the future. The podman hash we are comparing against is
(currently) always sha256.
As sha256 is still considered secure, removing this option for older
python versions should be acceptable.
