---

- name: check if user is in subuid file
  find:
    path: /etc/subuid
    contains: '^{{ container_run_as_user }}:.*$'
  register: uid_line_found
  when: container_run_as_user != 'root'

- name: check if group is in subgid file
  find:
    path: /etc/subgid
    contains: '^{{ container_run_as_group }}:.*$'
  register: gid_line_found
  when: container_run_as_group != 'root'

- name: ensure user is in subuid file, if it was missing
  lineinfile:
    path: /etc/subuid
    regexp: "^{{ container_run_as_user }}:.*"
    line: "{{ container_run_as_user }}:165536:65536"
    create: true
    mode: '0644'
    owner: root
    group: root
  when: container_run_as_user != 'root' and not uid_line_found.matched

- name: ensure group is in subgid file, if it was missing
  lineinfile:
    path: /etc/subgid
    regexp: "^{{ container_run_as_group }}:.*"
    line: "{{ container_run_as_group }}:165536:65536"
    create: true
    mode: '0644'
    owner: root
    group: root
  when: container_run_as_group != 'root' and not gid_line_found.matched