From da29ea151db4a11833400f931a37d744a56dd117 Mon Sep 17 00:00:00 2001
From: Manuel Luzarreta <mluzarreta.pro@pm.me>
Date: Wed, 17 Apr 2024 23:23:18 +0200
Subject: [PATCH] passwordstore: Add missing_subkey parameter (#8166)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* passwordstore: Add missing_subkey parameter

Add ability to trigger error or warning when a subkey is missing in pass file.
By default the behavior is unchanged (if subkey is missing, None is returned).
This option can also be set in ansible.cfg

* passwordstore - missing_subkey: Update changelog/fragments file with PR number

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
---
 ...6-password-store-lookup-missing-subkey.yml |  2 ++
 plugins/lookup/passwordstore.py               | 31 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 changelogs/fragments/8166-password-store-lookup-missing-subkey.yml

diff --git a/changelogs/fragments/8166-password-store-lookup-missing-subkey.yml b/changelogs/fragments/8166-password-store-lookup-missing-subkey.yml
new file mode 100644
index 0000000000..da5be9c9e0
--- /dev/null
+++ b/changelogs/fragments/8166-password-store-lookup-missing-subkey.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - passwordstore lookup - add ``missing_subkey`` parameter defining the behavior of the lookup when a passwordstore subkey is missing (https://github.com/ansible-collections/community.general/pull/8166).
diff --git a/plugins/lookup/passwordstore.py b/plugins/lookup/passwordstore.py
index 7a6fca7a01..9814fe133b 100644
--- a/plugins/lookup/passwordstore.py
+++ b/plugins/lookup/passwordstore.py
@@ -139,6 +139,21 @@ DOCUMENTATION = '''
         type: bool
         default: true
         version_added: 8.1.0
+      missing_subkey:
+        description:
+          - Preference about what to do if the password subkey is missing.
+          - If set to V(error), the lookup will error out if the subkey does not exist.
+          - If set to V(empty) or V(warn), will return a V(none) in case the subkey does not exist.
+        version_added: 8.6.0
+        type: str
+        default: empty
+        choices:
+          - error
+          - warn
+          - empty
+        ini:
+          - section: passwordstore_lookup
+            key: missing_subkey
     notes:
       - The lookup supports passing all options as lookup parameters since community.general 6.0.0.
 '''
@@ -147,6 +162,7 @@ ansible.cfg: |
   [passwordstore_lookup]
   lock=readwrite
   locktimeout=45s
+  missing_subkey=warn
 
 tasks.yml: |
   ---
@@ -432,6 +448,20 @@ class LookupModule(LookupBase):
             if self.paramvals['subkey'] in self.passdict:
                 return self.passdict[self.paramvals['subkey']]
             else:
+                if self.paramvals["missing_subkey"] == "error":
+                    raise AnsibleError(
+                        "passwordstore: subkey {0} for passname {1} not found and missing_subkey=error is set".format(
+                            self.paramvals["subkey"], self.passname
+                        )
+                    )
+
+                if self.paramvals["missing_subkey"] == "warn":
+                    display.warning(
+                        "passwordstore: subkey {0} for passname {1} not found".format(
+                            self.paramvals["subkey"], self.passname
+                        )
+                    )
+
                 return None
 
     @contextmanager
@@ -481,6 +511,7 @@ class LookupModule(LookupBase):
             'umask': self.get_option('umask'),
             'timestamp': self.get_option('timestamp'),
             'preserve': self.get_option('preserve'),
+            "missing_subkey": self.get_option("missing_subkey"),
         }
 
     def run(self, terms, variables, **kwargs):