Fix podman image permissions issue and runlable test (#853)

Signed-off-by: Sagi Shnaidman <[email protected]>
containers · Sep 26, 2024 · 4f8ab01 · 4f8ab01
1 parent 36c146a
commit 4f8ab01
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 49 deletions.
diff --git a/plugins/modules/podman_image.py b/plugins/modules/podman_image.py
@@ -527,7 +527,7 @@ def _get_containerfile_contents(self):
         elif self.path and not build_file_arg:
             container_filename = self._find_containerfile_from_context()
 
-        if not containerfile_contents:
+        if not containerfile_contents and os.access(container_filename, os.R_OK):
             with open(container_filename) as f:
                 containerfile_contents = f.read()
 
@@ -538,6 +538,8 @@ def _hash_containerfile_contents(self, containerfile_contents):
         When given the contents of a Containerfile/Dockerfile,
         return a sha256 hash of these contents.
         """
+        if not containerfile_contents:
+            return None
         return hashlib.sha256(
             containerfile_contents.encode(),
             usedforsecurity=False
@@ -551,7 +553,7 @@ def _get_args_containerfile_hash(self):
         If we don't have this, return an empty string.
         """
 
-        args_containerfile_hash = ""
+        args_containerfile_hash = None
 
         context_has_containerfile = self.path and self._find_containerfile_from_context()
 
@@ -581,11 +583,9 @@ def present(self):
         else:
             digest_before = None
 
-        both_hashes_exist_and_differ = (
-            args_containerfile_hash != "" and
-            existing_image_containerfile_hash != "" and
-            args_containerfile_hash != existing_image_containerfile_hash
-        )
+        both_hashes_exist_and_differ = (args_containerfile_hash and existing_image_containerfile_hash and
+                                        args_containerfile_hash != existing_image_containerfile_hash
+                                        )
 
         if not image or self.force or both_hashes_exist_and_differ:
             if self.state == 'build' or self.path:

diff --git a/tests/integration/targets/podman_runlabel/tasks/main.yml b/tests/integration/targets/podman_runlabel/tasks/main.yml
@@ -4,45 +4,59 @@
     path: /tmp/usr_img
     state: directory
 
-- name: Copy Dockerfile to container build directory
-  copy:
-    src: "{{ item }}"
-    dest: "/tmp/usr_img/{{ item }}"
-    mode: 755
-  loop:
-    - Dockerfile
-    - testinstall.sh
-
-- name: Build test docker image for regular user
-  containers.podman.podman_image:
-    executable: "{{ test_executable | default('podman') }}"
-    name: "{{ runlabel_image }}"
-    path: /tmp/usr_img
-    build:
-      format: docker
-      extra_args: --cgroup-manager=cgroupfs
-
-- name: Run container label install
-  containers.podman.podman_runlabel:
-    image: "{{ runlabel_image }}"
-    label: install
-  register: install_runlabel
-
-- name: Run container label run
-  containers.podman.podman_runlabel:
-    image: "{{ runlabel_image }}"
-    label: run
-
-- name: Check file for run exists
-  stat:
-    path: /tmp/testedrunfortests
-  register: testedrunfortests
-
-- name: Make sure files exist
-  assert:
-    that:
-      - testedrunfortests.stat.exists
-
-- name: Make sure install label exited with 128
-  assert:
-    that: install_runlabel.stdout == 'Installed.'
+- block:
+
+    - name: Copy Dockerfile to container build directory
+      copy:
+        src: "{{ item }}"
+        dest: "/tmp/usr_img/{{ item }}"
+        mode: 755
+      loop:
+        - Dockerfile
+        - testinstall.sh
+
+    - name: Build test docker image for regular user
+      containers.podman.podman_image:
+        executable: "{{ test_executable | default('podman') }}"
+        name: "{{ runlabel_image }}"
+        path: /tmp/usr_img
+        build:
+          format: docker
+          extra_args: --cgroup-manager=cgroupfs
+
+    - name: Run container label install
+      containers.podman.podman_runlabel:
+        image: "{{ runlabel_image }}"
+        label: install
+      register: install_runlabel
+
+    - name: Run container label run
+      containers.podman.podman_runlabel:
+        image: "{{ runlabel_image }}"
+        label: run
+
+    - name: Check file for run exists
+      stat:
+        path: /tmp/testedrunfortests
+      register: testedrunfortests
+
+    - name: Make sure files exist
+      assert:
+        that:
+          - testedrunfortests.stat.exists
+
+    - name: Make sure install label exited with 128
+      assert:
+        that: install_runlabel.stdout == 'Installed.'
+  always:
+
+    - name: Remove the directory
+      file:
+        path: /tmp/usr_img
+        state: absent
+
+    - name: Remove the image
+      containers.podman.podman_image:
+        executable: "{{ test_executable | default('podman') }}"
+        name: "{{ runlabel_image }}"
+        state: absent