bugfix - Prevent passwordstore lookup to create subkey when create ==…

… false (#9106) Fixes #9105 Apply suggestion Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 105ae05)
ansible-collections · Feb 19, 2025 · ecc22f2 · ecc22f2
1 parent 78c8fa0
commit ecc22f2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml b/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - passwordstore lookup plugin - fix subkey creation even when ``create=false`` (https://github.com/ansible-collections/community.general/issues/9105, https://github.com/ansible-collections/community.general/pull/9106).
diff --git a/plugins/lookup/passwordstore.py b/plugins/lookup/passwordstore.py
@@ -572,16 +572,20 @@ def run(self, terms, variables, **kwargs):
         for term in terms:
             self.parse_params(term)   # parse the input into paramvals
             with self.opt_lock('readwrite'):
-                if self.check_pass():     # password exists
-                    if self.paramvals['overwrite']:
+                if self.check_pass():     # password file exists
+                    if self.paramvals['overwrite']:  # if "overwrite", always update password
                         with self.opt_lock('write'):
                             result.append(self.update_password())
-                    elif self.paramvals["subkey"] != "password" and not self.passdict.get(self.paramvals['subkey']):  # password exists but not the subkey
+                    elif (
+                        self.paramvals["subkey"] != "password"
+                        and not self.passdict.get(self.paramvals["subkey"])
+                        and self.paramvals["missing"] == "create"
+                    ):  # target is a subkey, this subkey is not in passdict BUT missing == create
                         with self.opt_lock('write'):
                             result.append(self.update_password())
                     else:
                         result.append(self.get_passresult())
-                else:                     # password does not exist
+                else:  # password does not exist
                     if self.paramvals['missing'] == 'create':
                         with self.opt_lock('write'):
                             if self.locked == 'write' and self.check_pass():  # lookup password again if under write lock
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- passwordstore lookup plugin - fix subkey creation even when ``create=false`` (https://github.com/ansible-collections/community.general/issues/9105, https://github.com/ansible-collections/community.general/pull/9106).