This commit introduces two new modules for managing Podman Quadlets:

- podman_quadlet: Install and remove Podman Quadlet files
  * Supports installing single files, directories, and additional config files
  * Implements idempotent state management (present/absent)
  * Validates parameters and provides meaningful error messages
  * Default force=true for removal operations
  * Removed deprecated 'ignore' parameter in favor of built-in idempotency
- podman_quadlet_info: Gather information about installed Quadlets
  * Lists all installed quadlets or prints specific quadlet content
  * Supports filtering by quadlet kinds (container, pod, network, etc.)
  * Provides detailed quadlet metadata including status and paths

Key features:

- Shared utilities in module_utils/podman/quadlet.py for code reuse
- Comprehensive integration tests for both modules
- Full idempotency support for all operations
- Proper handling of edge cases (missing files, malformed quadlets, etc.)
- Check mode support for safe dry-run operations
- Extensive documentation and examples

The modules use relative imports for module_utils to support local
development and testing with the containers.podman collection.

Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* fix(podman_prune): set top-level changed status
The module was returning changed status inside nested dicts,
but Ansible expects it at the top level of the result.
Before: {"image": {"changed": true, ...}} -> Ansible sees changed=false
After: {"changed": true, "image": {...}} -> Ansible sees changed=true
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
* Update plugins/modules/podman_prune.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
---------
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
Co-authored-by: Igor Belousov <igor-belousov@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Fix idempotency for any podman secret driver
All secret drivers are provided with the same interface in podman, so there is no need to hardcode the state as changed for all drivers other than 'file'.
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
* ci: add tests for shell secret driver
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
---------
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
For quadlets you can set sdnotify (which maps to Notify=) to healthy to
use a healthcheck to determine when the container is up.
Signed-off-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
The usedforsecurity keyword argument of the hashlib functions was
introduced in python 3.9. To achieve compatibility with versions below
that, we only use it once it is available.
The usedforsecurity argument forces use of secure hash functions in
specially compiled versions of python. In this case it would force an
upgrade of sha256 to a different hash function should sha256 be deemed
insecure in the future. The podman hash we are comparing against is
(currently) always sha256.
As sha256 is still considered secure, removing this option for older
python versions should be acceptable.
The podman_login module does not have code to support check runs. Therefore a check run in ansible does the actual login. Set supports_check_mode to False so the login is skipped in a dry-run.
Signed-off-by: Maximilian Stinsky <maximilian@stinsky.com>
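The hashlib compatibility approach described in the usedforsecurity message above, as an added example that is not the collection's own code: the keyword is passed only on interpreters that accept it, and the resulting sha256 is compared with a reported digest. The function names, the `sha256:<hex>` input form, and leaving the keyword at its default of True are assumptions of this example.

```python
import hashlib
import hmac
import sys

# hashlib constructors accept the keyword-only usedforsecurity argument
# from Python 3.9 onwards; older interpreters raise TypeError on it.
HAS_USEDFORSECURITY = sys.version_info >= (3, 9)


def new_sha256(usedforsecurity=True):
    """Return a sha256 object, passing usedforsecurity only where supported."""
    if HAS_USEDFORSECURITY:
        return hashlib.sha256(usedforsecurity=usedforsecurity)
    return hashlib.sha256()


def sha256_hexdigest(data, chunk_size=65536):
    """Hash bytes in chunks, the way a large file would be fed in."""
    digest = new_sha256()
    for offset in range(0, len(data), chunk_size):
        digest.update(data[offset:offset + chunk_size])
    return digest.hexdigest()


def matches_reported(data, reported):
    """Compare data with a digest given as 'sha256:<hex>' or bare hex.

    The prefixed form is an assumption of this example.
    """
    algo, sep, hexval = reported.rpartition(":")
    if sep and algo != "sha256":
        raise ValueError("unsupported digest algorithm: %s" % algo)
    return hmac.compare_digest(sha256_hexdigest(data), hexval.lower())


if __name__ == "__main__":
    sample = b"abc"  # constructed sample input
    reported = "sha256:" + sha256_hexdigest(sample)
    print(HAS_USEDFORSECURITY, matches_reported(sample, reported))
```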
* Trigger a new image build when we detect that the Containerfile has
changed.
Signed-off-by: gw <gw@bob.lol>
* Fix return type issues from PR feedback
Signed-off-by: gw <gw@bob.lol>
---------
Signed-off-by: gw <gw@bob.lol>
Co-authored-by: gw <gw@bob.lol>