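---
# Creates an "MSVSphere <major> Test Key" signing key in the invoking user's
# GnuPG keyring when it is missing, then registers the public half with the
# RPM database so packages signed with it pass signature verification.
#
# NOTE(review): once this has run, rpm on the target host accepts anything
# signed by the test key. This looks intended for build/test hosts only;
# confirm these tasks are never applied to production systems.

- name: Check if MSVSphere test PGP key exists
  ansible.builtin.shell:
    cmd: "gpg --list-secret-keys | grep 'MSVSphere {{ msvsphere_major_ver }} Test Key'"
  register: pgp_test_key_check
  # Read-only probe: a non-zero rc only means "key not found", so it is
  # neither a change nor a failure. The rc drives the block below.
  changed_when: false
  failed_when: false

- name: Generate MSVSphere test PGP key
  when: pgp_test_key_check.rc != 0
  block:
    - name: Create PGP batch file
      ansible.builtin.tempfile:
        state: file
        prefix: scbs_
      register: pgp_test_key_batch

    - name: Populate PGP batch file
      ansible.builtin.template:
        src: msvsphere-test-key.batch.j2
        dest: "{{ pgp_test_key_batch.path }}"
        # The template is not visible here; it may carry key parameters such
        # as a passphrase, so keep the file readable by its owner only.
        mode: '0600'

    - name: Generate test PGP key
      ansible.builtin.command:
        cmd: "gpg --batch --generate-key {{ pgp_test_key_batch.path }}"
  always:
    # Runs even if key generation fails, so the batch file is never left
    # behind in the temp directory.
    - name: Delete PGP batch file
      ansible.builtin.file:
        path: "{{ pgp_test_key_batch.path }}"
        state: absent
      when: pgp_test_key_batch.path is defined

- name: Check if MSVSphere test PGP key imported
  ansible.builtin.shell:
    # Match the same major version as every other task in this file instead
    # of a hard-coded "9".
    cmd: >-
      rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey)
      | grep 'MSVSphere {{ msvsphere_major_ver }} Test Key'
  register: pgp_test_key_imported
  # Read-only probe, same reasoning as the keyring check above.
  changed_when: false
  failed_when: false

- name: Import MSVSphere test PGP key to RPM DB
  when: pgp_test_key_imported.rc != 0
  vars:
    # Evaluated lazily, so pgp_test_key_user is registered before first use.
    pgp_test_key_file: "RPM-GPG-KEY-MSVSphere-{{ msvsphere_major_ver }}-Test-Key"
    pgp_test_key_export_path: "{{ [pgp_test_key_user.stdout, pgp_test_key_file] | path_join }}"
    pgp_test_key_system_path: "/etc/pki/rpm-gpg/{{ pgp_test_key_file }}"
  block:
    - name: Get user home directory
      ansible.builtin.shell: "getent passwd $(id -u) | awk -F: '{ print $6 }'"
      changed_when: false
      register: pgp_test_key_user

    - name: Export MSVSphere test PGP public key
      ansible.builtin.command:
        cmd: >-
          gpg --output {{ pgp_test_key_export_path }}
          --export --armor --batch --yes
          'MSVSphere {{ msvsphere_major_ver }} Test Key'

    - name: Copy MSVSphere test PGP public key to /etc/pki/rpm-gpg/
      ansible.builtin.copy:
        remote_src: true
        src: "{{ pgp_test_key_export_path }}"
        dest: "{{ pgp_test_key_system_path }}"
        owner: root
        group: root
        mode: '0644'
      become: true

    - name: Import MSVSphere test PGP key to RPM DB
      ansible.builtin.rpm_key:
        # Import the root-owned copy rather than the export in the user's
        # home directory, so the key rpm trusts is the file installed under
        # /etc/pki/rpm-gpg/.
        key: "{{ pgp_test_key_system_path }}"
        state: present
      become: true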