diff --git a/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml b/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml
new file mode 100644
index 00000000000..b804d2eed9c
--- /dev/null
+++ b/changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - passwordstore lookup plugin - fix subkey creation even when ``create=false`` (https://github.com/ansible-collections/community.general/issues/9105, https://github.com/ansible-collections/community.general/pull/9106).
diff --git a/plugins/lookup/passwordstore.py b/plugins/lookup/passwordstore.py
index 584690c175e..479f8d537ab 100644
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -572,16 +572,20 @@ def run(self, terms, variables, **kwargs):
 for term in terms:
 self.parse_params(term) # parse the input into paramvals
 with self.opt_lock('readwrite'):
- if self.check_pass(): # password exists
- if self.paramvals['overwrite']:
+ if self.check_pass(): # password file exists
+ if self.paramvals['overwrite']: # if "overwrite", always update password
 with self.opt_lock('write'):
 result.append(self.update_password())
- elif self.paramvals["subkey"] != "password" and not self.passdict.get(self.paramvals['subkey']): # password exists but not the subkey
+ elif (
+ self.paramvals["subkey"] != "password"
+ and not self.passdict.get(self.paramvals["subkey"])
+ and self.paramvals["missing"] == "create"
+ ): # target is a subkey, this subkey is not in passdict BUT missing == create
 with self.opt_lock('write'):
 result.append(self.update_password())
 else:
 result.append(self.get_passresult())
- else: # password does not exist
+ else: # password does not exist
 if self.paramvals['missing'] == 'create':
 with self.opt_lock('write'):
 if self.locked == 'write' and self.check_pass(): # lookup password again if under write lock
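Review bot: The new `elif` still decides that a subkey is absent with `not self.passdict.get(self.paramvals["subkey"])`, which is a truthiness test, so a subkey that is present with an empty value is treated as missing and, under `missing=create`, reaches `update_password()` and a write to the store. If the intent is "the key is not there", test membership instead: `and self.paramvals["subkey"] not in self.passdict`. How `passdict` is populated is outside this hunk, so confirm whether empty values can occur before changing it. `run()` starts before and continues past the hunk. A regression test for "entry exists, subkey missing, `missing` not `create`" that asserts the store is left unchanged would pin the behaviour this commit fixes.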