Add umask option for mount module

changelogs/fragments/209_add_mode_for_mount.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+- mount - add ``mode`` parameter to mount module (https://github.com/ansible-collections/ansible.posix/issues/163).

plugins/modules/mount.py

@@ -105,6 +105,17 @@
         the original file back if you somehow clobbered it incorrectly.
     type: bool
     default: no
+  mode:
+    description:
+      - The permission applied to create a new directory for the mount point.
+        If the mount point already exists, this parameter is not used.
+      - This parameter only affects the mount point itself.
+        If this module creates multiple directories recursively,
+        other directories follow the system's default umask.
+      - Note that after running this task and the device being successfully mounted,
+        the mode of the original directory will be hidden by the target device.
+    type: raw
+    version_added: '1.3.0'
 notes:
   - As of Ansible 2.3, the I(name) option has been changed to I(path) as
     default, but I(name) still works as well.
@@ -122,6 +133,7 @@
     fstype: iso9660
     opts: ro,noauto
     state: present
+    mode: 0755
 
 - name: Mount up device by label
   ansible.posix.mount:
@@ -665,6 +677,7 @@ def main():
             src=dict(type='path'),
             backup=dict(type='bool', default=False),
             state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted', 'remounted']),
+            mode=dict(type='raw'),
         ),
         supports_check_mode=True,
         required_if=(
@@ -761,6 +774,7 @@ def main():
 
     state = module.params['state']
     name = module.params['path']
+    mode = module.params['mode']
     changed = False
 
     if state == 'absent':
@@ -817,6 +831,14 @@ def main():
                 module.fail_json(
                     msg="Error making dir %s: %s" % (name, to_native(e)))
 
+            # Set permissions to the newly created mount point.
+            if mode is not None:
+                try:
+                    changed = module.set_mode_if_different(name, mode, changed)
+                except Exception as e:
+                    module.fail_json(
+                        msg="Error setting permissions %s: %s" % (name, to_native(e)))
+
         name, backup_lines, changed = _set_mount_save_old(module, args)
         res = 0
 

tests/integration/targets/mount/tasks/main.yml

@@ -332,3 +332,44 @@
     - /tmp/myfs.img
     - /tmp/myfs
   when: ansible_system in ('Linux')
+
+- name: Block to test mode option in Linux
+  block:
+  - name: Create empty file
+    community.general.filesize:
+      path: /tmp/myfs.img
+      size: 20M
+  - name: Format FS
+    community.general.filesystem:
+      fstype: ext3
+      dev: /tmp/myfs.img
+  - name: Make sure that mount point does not exist
+    file:
+      path: /tmp/myfs
+      state: absent
+  - name: Mount the FS to non existent directory with mode option
+    mount:
+      path: /tmp/myfs
+      src: /tmp/myfs.img
+      fstype: ext3
+      state: mounted
+      mode: 0000
+  - name: Unmount FS to access underlying directory
+    command: |
+      umount /tmp/myfs.img
+  - name: Check status of mount point
+    stat:
+      path: /tmp/myfs
+    register: mount_point_stat
+  - name: Assert that the mount point has right permission
+    assert:
+      that:
+      - mount_point_stat['stat']['mode'] == '0000'
+  - name: Remove the test FS
+    file:
+      path: '{{ item }}'
+      state: absent
+    loop:
+    - /tmp/myfs.img
+    - /tmp/myfs
+  when: ansible_system in ('Linux')