From 6a8eb4cc48f081bd26e7a55e48ddbd0beaa799fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Larivi=C3=A8re?=
Date: Mon, 24 Mar 2025 14:48:25 -0400
Subject: [PATCH] fix(create_secret): prevent moving existing credentials to root if no path is provided
---
 galaxy.yml | 2 +-
 plugins/module_utils/vaults.py | 4 ++--
 plugins/modules/create_secret.py | 8 ++++++--
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/galaxy.yml b/galaxy.yml
index 9753b95..8e95679 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: devolutions
 name: dvls
-version: 1.2.2
+version: 1.2.3
 readme: README.md
 authors:
 - Danny Bédard
diff --git a/plugins/module_utils/vaults.py b/plugins/module_utils/vaults.py
index a61935a..67fe215 100644
--- a/plugins/module_utils/vaults.py
+++ b/plugins/module_utils/vaults.py
@@ -117,8 +117,8 @@ def get_vault_entries(server_base_url, token, vault_id):
 raise Exception(f"An error occurred while getting vault entries: {e}")
-def find_entry_by_name(entries, name):
+def find_entry_by_name(entries, name, path=""):
 for entry in entries:
- if entry.get("name") == name:
+ if entry.get("name") == name and entry.get("path") == path:
 return entry
 return None
diff --git a/plugins/modules/create_secret.py b/plugins/modules/create_secret.py
index d5af2c6..67f7f6e 100644
--- a/plugins/modules/create_secret.py
+++ b/plugins/modules/create_secret.py
@@ -150,9 +150,13 @@ def run_module():
 password = secret.get("value")
 secret_type = secret.get("secret_type")
 secret_subtype = secret.get("secret_subtype")
- secret_path = secret.get("secret_path")
 description = secret.get("secret_description")
+ if secret.get("secret_path") is None:
+ secret_path = ""
+ else:
+ secret_path = secret.get("secret_path")
+
 vault_id = module.params.get("vault_id")
 try:
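Review bot: The new comparison `entry.get("path") == path` in find_entry_by_name is an exact string match, so an entry whose `path` key is missing or `None` will never equal the default `""`. If the API reports root-level entries that way (not visible in this hunk), the lookup misses them and create_secret would add a duplicate credential on each run while the earlier one stays in the vault with its old value. Comparing normalised values, `(entry.get("path") or "") == (path or "")`, closes that gap. The `path=""` default also narrows the result for any caller that does not pass a path, since only root entries match now; a docstring such as `"""Return the first entry whose name and path both match; path "" means the vault root."""` would make that contract explicit.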
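Review bot: The added `if`/`else` in run_module looks up `secret_path` twice and can be written as `secret_path = secret.get("secret_path") or ""`, which keeps an explicitly empty value at the root as well. Because this value is now part of the match key handed to find_entry_by_name, a path that differs from the stored one only by a leading or trailing separator or by case would presumably miss the existing entry and create a second copy of the secret. Whether the server normalises paths is not visible here, so it is worth confirming or normalising the value at this point. run_module's body continues outside the hunk.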
@@ -178,7 +182,7 @@ def run_module():
 )
 # when an existing entry is found, it gets updated. Otherwise a new entry gets created
- entry = find_entry_by_name(path_entries, secret_name)
+ entry = find_entry_by_name(path_entries, secret_name, secret_path)
 if entry:
 vault_url = f"{server_base_url}/api/v1/vault/{vault_id}/entry/{entry['id']}"
 response = requests.put(vault_url, headers=vault_headers, json=vault_body)
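Review bot: The comment above the changed call still describes a name-only lookup, but the match now keys on name and path, so a secret with the same name under a different path is left untouched and a new entry is created beside it. I would reword it to `# an entry with the same name in the same path is updated; otherwise a new entry is created`. The behaviour change also belongs in the module documentation, since playbooks that relied on the old name-only match will now leave the previous credential in place with its old value. run_module starts and ends outside the hunk.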