bugfix - Prevent passwordstore lookup to create subkey when create ==…

… false Fixes#9105
ansible-collections · Feb 4, 2025 · 8c1d774 · 8c1d774
1 parent e13d6de
commit 8c1d774
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml b/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - passwordstore lookup plugin - Fix subkey creation even when `create == false` (https://github.com/ansible-collections/community.general/pull/9106). 
diff --git a/plugins/lookup/passwordstore.py b/plugins/lookup/passwordstore.py
@@ -578,16 +578,21 @@ def run(self, terms, variables, **kwargs):
         for term in terms:
             self.parse_params(term)   # parse the input into paramvals
             with self.opt_lock('readwrite'):
-                if self.check_pass():     # password exists
-                    if self.paramvals['overwrite']:
+                if self.check_pass():     # password file exists
+                    if self.paramvals['overwrite']:  # if "overwrite", always update password
                         with self.opt_lock('write'):
                             result.append(self.update_password())
-                    elif self.paramvals["subkey"] != "password" and not self.passdict.get(self.paramvals['subkey']):  # password exists but not the subkey
+                    # target is a subkey, this subkey is not in passdict BUT missing == create
+                    elif (
+                        self.paramvals["subkey"] != "password"
+                        and not self.passdict.get(self.paramvals["subkey"])
+                        and self.paramvals["missing"] == "create"
+                    ):
                         with self.opt_lock('write'):
                             result.append(self.update_password())
                     else:
                         result.append(self.get_passresult())
-                else:                     # password does not exist
+                else: # password does not exist
                     if self.paramvals['missing'] == 'create':
                         with self.opt_lock('write'):
                             if self.locked == 'write' and self.check_pass():  # lookup password again if under write lock
@@ -598,3 +603,4 @@ def run(self, terms, variables, **kwargs):
                         result.append(None)
 
         return result
+
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- passwordstore lookup plugin - Fix subkey creation even when `create == false` (https://github.com/ansible-collections/community.general/pull/9106).