From 0599495644c4bef9037deb36eb257d46bff10de0 Mon Sep 17 00:00:00 2001
From: Chad Condon <chad@condon.tech>
Date: Thu, 2 Mar 2023 09:07:02 -0800
Subject: [PATCH] Import RPM keys directly from URL

Forced downloads to `/tmp/` are not idempotent.
---
 tasks/pkg-redhat.yml | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)

diff --git a/tasks/pkg-redhat.yml b/tasks/pkg-redhat.yml
index a6453733..7561def1 100644
--- a/tasks/pkg-redhat.yml
+++ b/tasks/pkg-redhat.yml
@@ -25,39 +25,21 @@
         ) else 'yes'
       ) }}
 
-- name: Download current RPM key
-  get_url:
-    url: "{{ datadog_yum_gpgkey_current }}"
-    dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
-    force: yes
-
 - name: Import current RPM key
   rpm_key:
-    key: /tmp/DATADOG_RPM_KEY_CURRENT.public
+    key: "{{ datadog_yum_gpgkey_current }}"
     state: present
   when: not ansible_check_mode
 
-- name: Download new RPM key (Expires in 2022)
-  get_url:
-    url: "{{ datadog_yum_gpgkey_e09422b3 }}"
-    dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
-    checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}"
-
 - name: Import new RPM key (Expires in 2022)
   rpm_key:
-    key: /tmp/DATADOG_RPM_KEY_E09422B3.public
+    key: "{{ datadog_yum_gpgkey_e09422b3 }}"
     state: present
   when: not ansible_check_mode
 
-- name: Download new RPM key (Expires in 2024)
-  get_url:
-    url: "{{ datadog_yum_gpgkey_20200908 }}"
-    dest: /tmp/DATADOG_RPM_KEY_20200908.public
-    checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}"
-
 - name: Import new RPM key (Expires in 2024)
   rpm_key:
-    key: /tmp/DATADOG_RPM_KEY_20200908.public
+    key: "{{ datadog_yum_gpgkey_20200908 }}"
     state: present
   when: not ansible_check_mode