From 6a514b6843e5d9969c2db3c8cc064600ba02a3b6 Mon Sep 17 00:00:00 2001
From: Michal Drobny <70282353+drobnymichal@users.noreply.github.com>
Date: Thu, 9 Nov 2023 22:21:57 +0100
Subject: [PATCH] Add options for password generation in the passwordstore module (#7426)
* feat: Add options for password generation.
* feat: Add documentations for options for password generation.
* fix: Remove newline from the end of the stored raw password
* fix: Define 'msg' variable before the reference inside the condition block
* feat: Add information when the 'timestamp' parameter was added
Co-authored-by: Felix Fontein
* feat: Add information when the 'preserve' parameter was added
Co-authored-by: Felix Fontein
* feat: Add changelog fragment for adding new parameters to the 'passwordstore' module
* feat: Change the evaluation of password modification conditions.
* feat: Change version of parameter 'timestamp' from 8.0.0 to 8.0.1
Co-authored-by: Felix Fontein
* feat: Change version of parameter 'preserve' from 8.0.0 to 8.0.1
Co-authored-by: Felix Fontein
* fix: Remove newline character from the timestamp message
Co-authored-by: Felix Fontein
* fix: Add newline character to the end of 'preserve' message.
Co-authored-by: Felix Fontein
---------
Co-authored-by: Michal Drobny <494056@muni.cz>
Co-authored-by: Felix Fontein
---
 ...nd-preserve-options-for-passwordstore.yaml | 2 ++
 plugins/lookup/passwordstore.py | 28 +++++++++++++++----
 2 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml
diff --git a/changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml b/changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml
new file mode 100644
index 0000000000..59e22b450f
--- /dev/null
+++ b/changelogs/fragments/7426-add-timestamp-and-preserve-options-for-passwordstore.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+ - passwordstore - adds ``timestamp`` and ``preserve`` parameters to modify the stored password format (https://github.com/ansible-collections/community.general/pull/7426).
\ No newline at end of file
diff --git a/plugins/lookup/passwordstore.py b/plugins/lookup/passwordstore.py
index 4a1ff1320b..7a6fca7a01 100644
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -129,6 +129,16 @@ DOCUMENTATION = '''
 - pass
 - gopass
 version_added: 5.2.0
+ timestamp:
+ description: Add the password generation information to the end of the file.
+ type: bool
+ default: true
+ version_added: 8.1.0
+ preserve:
+ description: Include the old (edited) password inside the pass file.
+ type: bool
+ default: true
+ version_added: 8.1.0
 notes:
 - The lookup supports passing all options as lookup parameters since community.general 6.0.0.
 '''
@@ -386,11 +396,13 @@ class LookupModule(LookupBase):
 # generate new password, insert old lines from current result and return new password
 newpass = self.get_newpass()
 datetime = time.strftime("%d/%m/%Y %H:%M:%S")
- msg = newpass + '\n'
- if self.passoutput[1:]:
- msg += '\n'.join(self.passoutput[1:]) + '\n'
- if self.paramvals['backup']:
- msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
+ msg = newpass
+ if self.paramvals['preserve'] or self.paramvals['timestamp']:
+ msg += '\n'
+ if self.paramvals['preserve'] and self.passoutput[1:]:
+ msg += '\n'.join(self.passoutput[1:]) + '\n'
+ if self.paramvals['timestamp'] and self.paramvals['backup']:
+ msg += "lookup_pass: old password was {0} (Updated on {1})\n".format(self.password, datetime)
 try:
 check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
 except (subprocess.CalledProcessError) as e:
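Review bot: The `preserve` description in the `DOCUMENTATION` hunk does not match what the option gates in the update path later in this patch. There it decides whether `self.passoutput[1:]`, every line after the first of the existing entry, is written back, not whether the old password is kept. Someone reading "Include the old (edited) password" could set `preserve: false` without realising that an overwrite then drops whatever extra lines the entry held. Suggested wording: `description: Keep the lines that follow the password in the existing entry when the password is overwritten.`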
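Review bot: In the `@@ -386,11 +396,13 @@` hunk the backup line is now guarded by `if self.paramvals['timestamp'] and self.paramvals['backup']:`, so `backup=true` with `timestamp=false` overwrites the entry without recording the previous password and without any warning. Before this change `backup` alone decided that. If the coupling is intended, it should be stated in the option docs or rejected as an invalid combination. Otherwise test `backup` on its own and widen the newline guard to `if self.paramvals['preserve'] or self.paramvals['timestamp'] or self.paramvals['backup']:`. Indentation is lost on this page, so the nesting of the two inner `if` statements is inferred, and the enclosing method starts and ends outside the hunk.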
@@ -402,7 +414,9 @@ class LookupModule(LookupBase):
 # use pwgen to generate the password and insert values with pass -m
 newpass = self.get_newpass()
 datetime = time.strftime("%d/%m/%Y %H:%M:%S")
- msg = newpass + '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
+ msg = newpass
+ if self.paramvals['timestamp']:
+ msg += '\n' + "lookup_pass: First generated by ansible on {0}\n".format(datetime)
 try:
 check_output2([self.pass_cmd, 'insert', '-f', '-m', self.passname], input=msg, env=self.env)
 except (subprocess.CalledProcessError) as e:
@@ -465,6 +479,8 @@ class LookupModule(LookupBase):
 'backup': self.get_option('backup'),
 'missing': self.get_option('missing'),
 'umask': self.get_option('umask'),
+ 'timestamp': self.get_option('timestamp'),
+ 'preserve': self.get_option('preserve'),
 }
 
 def run(self, terms, variables, **kwargs):
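Review bot: The two new `paramvals` entries in the `@@ -465,6 +479,8 @@` hunk are later read with plain truthiness tests such as `if self.paramvals['timestamp']:`, so they must be real booleans by then. If this plugin's inline `key=value` term parsing (not shown on this page) stores the raw string and converts only a fixed list of option names to bool, then `timestamp=false` in the term stays the non-empty string `'false'` and is treated as true. The entry would then still receive the metadata and old-password lines the user asked to leave out. It is worth confirming that `timestamp` and `preserve` go through the same boolean conversion as `backup`, and adding a test for the inline form. The dict literal and its enclosing method start outside the hunk.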