[PR #9106/105ae056 backport][stable-9] bugfix - Prevent passwordstore lookup to create subkey when create == false (#9779)

bugfix - Prevent passwordstore lookup to create subkey when create == false (#9106)

Fixes #9105

Apply suggestion

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 105ae0566a)

Co-authored-by: Manuel Luzarreta <mluzarreta.pro@pm.me>

changelogs/fragments/9106-passwordstore-fix-subkey-creation-even-when-create-==-false.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - passwordstore lookup plugin - fix subkey creation even when ``create=false`` (https://github.com/ansible-collections/community.general/issues/9105, https://github.com/ansible-collections/community.general/pull/9106).

plugins/lookup/passwordstore.py

@@ -578,11 +578,15 @@ class LookupModule(LookupBase):
         for term in terms:
             self.parse_params(term)   # parse the input into paramvals
             with self.opt_lock('readwrite'):
-                if self.check_pass():     # password exists
+                if self.check_pass():     # password file exists
-                    if self.paramvals['overwrite']:
+                    if self.paramvals['overwrite']:  # if "overwrite", always update password
                         with self.opt_lock('write'):
                             result.append(self.update_password())
-                    elif self.paramvals["subkey"] != "password" and not self.passdict.get(self.paramvals['subkey']):  # password exists but not the subkey
+                    elif (
+                        self.paramvals["subkey"] != "password"
+                        and not self.passdict.get(self.paramvals["subkey"])
+                        and self.paramvals["missing"] == "create"
+                    ):  # target is a subkey, this subkey is not in passdict BUT missing == create
                         with self.opt_lock('write'):
                             result.append(self.update_password())
                     else: