feat(plugins/bitwarden): add file-based item cache to reduce bw serve API calls

CHANGELOG.md

@@ -23,6 +23,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+* **plugin:bitwarden_item**: Add file-based item cache to reduce `bw serve` API calls, preventing crashes under load. Cache is stored in `$XDG_RUNTIME_DIR` (RAM-backed tmpfs) with `/tmp` fallback. After create/edit operations, the cache is updated inline to avoid expensive full re-syncs, with a 1-second sleep as rate limit to prevent Bitwarden API errors. Convert `is_unlocked` to a property to fix it never being called.
 * **role:freeipa_server**: Add `--diff` support for all FreeIPA modules and add `freeipa_server:configure` tag
 * **role:mariadb_server**: Add `mariadb_server__cnf_wsrep_log_conflicts` and `mariadb_server__cnf_wsrep_retry_autocommit` variables
 * **role:mariadb_server**: Add `mariadb_server__cnf_wsrep_gtid_mode` variable to configure `wsrep_gtid_mode` for Galera
@@ -69,6 +70,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+* **plugin:bitwarden_item**: Fix missing `raise` in multipart error handling, `break` instead of `continue` in multi-term lookup, `folder_id` wrongly typed as `list` instead of `str` in module, notes default mismatch between documentation and code, and wrong "lookup plugin" wording in module documentation
 * **role:mirror**: Fix missing `0440` permissions on sudoers file
 * **role:login**: Rename sudoers file from `lfops_login` to `linuxfabrik` to match the kickstart configuration; remove the old file automatically
 * **roles**: Fix Ansible 2.19 deprecation warning for conditional results of type `int` by using `| length > 0` instead of `| length`

plugins/lookup/bitwarden_item.py

@@ -277,8 +277,6 @@
     sample: 'root'
 '''
 
-import time
-
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.utils.display import Display
@@ -290,9 +288,6 @@
 # https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html#developing-lookup-plugins
 # inspired by the lookup plugins lastpass (same topic) and redis (more modern)
 
-SYNC_INTERVAL = 60 # seconds
-SYNC_TIMESTAMP_FILE = '/tmp/lfops_bitwarden_sync_time'
-
 class LookupModule(LookupBase):
 
     def run(self, terms, variables=None, **kwargs):
@@ -302,23 +297,7 @@ def run(self, terms, variables=None, **kwargs):
             raise AnsibleError('Not logged into Bitwarden, or Bitwarden Vault is locked. Please run `bw login` and `bw unlock` first.')
         display.vvv('lfbwlp - run - bitwarden vault is unlocked')
 
-        timestamp = 0
-        try:
-            with open(SYNC_TIMESTAMP_FILE, 'r') as f:
-                timestamp = float(f.read().strip())
-        except (ValueError, IOError):
-            pass # we just sync if an error occurs
-
-        if time.time() - timestamp >= SYNC_INTERVAL:
-            display.vvv('lfbwlp - run - syncing the vault')
-            bw.sync()
-            timestamp = time.time()
-
-            try:
-                with open(SYNC_TIMESTAMP_FILE, 'w') as f:
-                    f.write(str(timestamp))
-            except IOError:
-                display.vvv('lfbwlp - run - failed to write last sync time')
+        bw.sync()
 
         ret = []
         for term in terms:
@@ -329,7 +308,7 @@ def run(self, terms, variables=None, **kwargs):
                 hostname = term.get('hostname', None)
                 id_ = term.get('id', None)
                 name = term.get('name', None)
-                notes = term.get('notes', 'Automatically generated by Ansible.')
+                notes = term.get('notes', 'Generated by Ansible.')
                 organization_id = term.get('organization_id', None)
                 password_length = term.get('password_length', 60)
                 password_choice = term.get('password_choice', '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
@@ -347,7 +326,7 @@ def run(self, terms, variables=None, **kwargs):
                     result['username'] = result['login']['username']
                     result['password'] = result['login']['password']
                     ret.append(result)
-                    break # done here, go to next term
+                    continue # done here, go to next term
                 else:
                     # item not found by ID. if there is an ID given we expect it to exist
                     raise AnsibleError('Item with id {} not found.'.format(id_))