From 9aedda4443ceddea489dd5a650d32855e0e48440 Mon Sep 17 00:00:00 2001
From: Benjamin Schubert <contact@benschubert.me>
Date: Mon, 31 Jul 2023 18:55:03 +0100
Subject: [PATCH] Fix idempotency checks when using `userns` (#599)

Previously, this would only mark the userns as expected when `uidmap`
or `gidmap` is passed. However, in the case `userns` is passed, this
is also expected to be set.

Signed-off-by: Benjamin Schubert <contact@benschubert.me>
---
 plugins/module_utils/podman/podman_pod_lib.py |  2 +-
 .../targets/podman_pod/tasks/main.yml         | 43 ++++++++++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/plugins/module_utils/podman/podman_pod_lib.py b/plugins/module_utils/podman/podman_pod_lib.py
index 0b4afc0b..8f5dfae9 100644
--- a/plugins/module_utils/podman/podman_pod_lib.py
+++ b/plugins/module_utils/podman/podman_pod_lib.py
@@ -511,7 +511,7 @@ def diffparam_share(self):
             # TODO: find out why on Ubuntu the 'net' is not present
             if 'net' not in before:
                 after.remove('net')
-        if self.params["uidmap"] or self.params["gidmap"]:
+        if self.params["uidmap"] or self.params["gidmap"] or self.params["userns"]:
             after.append('user')
 
         before, after = sorted(list(set(before))), sorted(list(set(after)))
diff --git a/tests/integration/targets/podman_pod/tasks/main.yml b/tests/integration/targets/podman_pod/tasks/main.yml
index 491d4a8a..6ec067f2 100644
--- a/tests/integration/targets/podman_pod/tasks/main.yml
+++ b/tests/integration/targets/podman_pod/tasks/main.yml
@@ -333,7 +333,7 @@
         that:
           - pod15_a_info is changed
 
-    - name: Start pod with share for idempotency
+    - name: Start pod with gidmap and uidmap for idempotency
       containers.podman.podman_pod:
         executable: "{{ test_executable | default('podman') }}"
         name: pod1
@@ -347,6 +347,47 @@
         that:
           - pod15_b_info is not changed
 
+    # Reset the namespace check.
+    # This is because changing from `uidmap/gidmap` to `userns` does not
+    # report a difference currently
+    - name: Start pod without uidmap to reset
+      containers.podman.podman_pod:
+        executable: "{{ test_executable | default('podman') }}"
+        name: pod1
+        state: created
+      register: pod15_c_info
+
+    - name: Check info
+      assert:
+        that:
+          - pod15_c_info is changed
+
+    - name: Start pod with userns
+      containers.podman.podman_pod:
+        executable: "{{ test_executable | default('podman') }}"
+        name: pod1
+        userns: auto
+        state: created
+      register: pod_userns_a_info
+
+    - name: Check info
+      assert:
+        that:
+          - pod_userns_a_info is changed
+
+    - name: Start pod with userns for idempotency
+      containers.podman.podman_pod:
+        executable: "{{ test_executable | default('podman') }}"
+        name: pod1
+        userns: auto
+        state: created
+      register: pod_userns_b_info
+
+    - name: Check info
+      assert:
+        that:
+          - pod_userns_b_info is not changed
+
     - name: Start pod with labels
       containers.podman.podman_pod:
         executable: "{{ test_executable | default('podman') }}"