* fix(podman_prune): set top-level changed status
The module was returning changed status inside nested dicts,
but Ansible expects it at the top level of the result.
Before: {"image": {"changed": true, ...}} -> Ansible sees changed=false
After: {"changed": true, "image": {...}} -> Ansible sees changed=true
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
* Update plugins/modules/podman_prune.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
---------
Signed-off-by: Igor Belousov <igor-belousov@users.noreply.github.com>
Co-authored-by: Igor Belousov <igor-belousov@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Fix incorrect image URL formation when using separate name and tag parameters
where the tag contains a digest. Previously, tags like "8-bookworm@sha256:..."
would incorrectly use "@" as the delimiter between name and tag, resulting in
malformed URLs like "docker.io/valkey/valkey@8-bookworm@sha256:...".
The issue was in ImageRepository.delimiter logic which used substring matching
("sha256" in tag) instead of checking for pure digest format.
Changes:
- Fix delimiter selection in ImageRepository.__init__() to only use "@" for
pure digests starting with "sha256:", not any tag containing "sha256"
- Add comprehensive unit tests covering all delimiter scenarios
- Add integration tests with real digest validation and edge cases
- Ensure proper URL formation: name:tag@digest vs name@digest
Before: docker.io/valkey/valkey@8-bookworm@sha256:abc123 (broken)
After: docker.io/valkey/valkey:8-bookworm@sha256:abc123 (correct)
Fixes#947
Generated with [Claude Code](https://claude.ai/code)
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* podman_container_lib: Added checks for volume opts
Changed the diffparam_volume function to include the volume mount opts.
Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
* Add test for volume mount options
Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
---------
Signed-off-by: Lucas Benedito <lbenedit@redhat.com>
* Fix idempotency for any podman secret driver
All secret drivers are provided with the same interface in podman, so there is no need to hardcode the state as changed for all drivers other than 'file'.
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
* ci: add tests for shell secret driver
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
---------
Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
For quadlets you can set sdnotify (which maps to Notify=) to healthy to
use a healthcheck to determine when the container is up.
Signed-off-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
The usedforsecurity keyword argument of the hashlib functions was
introduced in python 3.9. To achieve compatibility with versions below
that, we only use it once it is available.
The usedforsecurity argument forces use of secure hash functions in
specially compiled versions of python. In this case it would force to
upgrade sha256 to a different hash function should sha256 be deemeed
insecure in the future. The podman hash we are comparing against is
(currently) always sha256.
As sha256 is still considered secure, removing this option for older
python versions should be acceptable.
This typo prevents the quadlet generator from picking up
--cpus and --platform options.
Signed-off-by: InsideTheVoid <824767+InsideTheVoid@users.noreply.github.com>
The podman_login module does not have code to support check runs. Therefore a check run in ansible does the actual login. Set supports_check_mode to False so the login is skipped in a dry-run.
Signed-off-by: Maximilian Stinsky <maximilian@stinsky.com>
