diff --git a/changelogs/fragments/82497.yml b/changelogs/fragments/82497.yml new file mode 100644 index 00000000000..54c179e56ea --- /dev/null +++ b/changelogs/fragments/82497.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - apt_key - consider expired keys while performing various operations (https://github.com/ansible/ansible/issues/82497). diff --git a/lib/ansible/modules/apt_key.py b/lib/ansible/modules/apt_key.py index 669bad20c6f..b0c34096f0b 100644 --- a/lib/ansible/modules/apt_key.py +++ b/lib/ansible/modules/apt_key.py @@ -255,7 +255,7 @@ def parse_output_for_keys(output, short_format=False): found = [] lines = to_native(output).split('\n') for line in lines: - if (line.startswith("pub") or line.startswith("sub")) and "expired" not in line: + if line.startswith(("pub", "sub")): try: # apt key format tokens = line.split() diff --git a/test/integration/targets/apt_key/files/expired_key.gpg b/test/integration/targets/apt_key/files/expired_key.gpg new file mode 100644 index 00000000000..dfd27ab37ff --- /dev/null +++ b/test/integration/targets/apt_key/files/expired_key.gpg @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFhRi/gBEADP0j1HExwry0VUVraDmh21uaeAOM0wzU7F+il8kKuXJeLKWsw3 +gfANgMxq5VqDOnVlZBNyn5jc6bShLCZvCFQhL8NBIKUUbAr1SgoutlqjvNNmJWrL +AH5hUkFLQ7mLT5rdrKtAV0nctlr5dYVdnpqoL1oJFmfKrV+nwPlt5NKe6B0c4pmn +WLv9eH0hu0iwrnnccHKrZFis4eKLQrbvGMMaE+xBwYYXhYcdKp0NHMcjMTXHq1Jp +SGpFp6H2zMb1JYla+dgnmNMts280OMKiDZumRtn/f1hOgjiPU0EbdhvsgleFBGz6 +BPOJ7yRjzDtoBHBirwcLiOVyjtUEtJWj+TQbfN/cKbOG/cwqYR0v8mAmhROhYCXm +umNgPtD5hTUgg/4wXxgx+2WLhp4SKy5xxZ21WSyOR7YPgGnp7sYco1wc5yisXFFL +o2hqeZcDCwWSEcMTUQzCt4erkIKbnpd4WTES9WH4Fibid9dBtF/bRDZbdJjaxbSc +eR0tXrTLzaETZluU173krPTaj1YuH0eKJj0b5+RgKGHi7OI8SnQBUz5Rcz44KJiR +3NBLV/gUw96nMYaxDdnXr9+PsYRBav0gMHF82hCFqq4bwSgRu430Myr++K1b/RZR +TGFPRrpLhR1ni/R/yObrDwm+ZR9D/V+0zJmUrejhXgSKjyimZuvdz5yF+wARAQAB +tDdNb25nb0RCIDMuNiBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u +Z29kYi5jb20+iQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC +XA6ZmgUJDSMO/gAKCRBYcSoikfpK1QnBEACQVjnrxtr8tvs1SJ1ORnfUKazf0SL4 +c8wHC3y/SxaWbZqfMiEddeDkWk/6pSYJhoJRZliSVJ8+FvB44J5ddHhzFGAPTrmu +y4zNqoSkRNjSAoEABkLMwE5Iv7IENHtFWfvVYlQ1UACwtsFKdm8iFQ7RnKl+pF/L +/m7IfrNzgyU5xN6U3v3rZXKuSFbMFcD0W+z6+0kin+QtcvE4lPO1ahIBfVatOOZQ +yagi1fYt1dApQWxtbFK2zq8leoz9qQFwtw3POSBfrJjmu/JldYHYLRMKFrs31NHP +e/wcfw8+rGBgzCvJxsKRTjPgz1n9CQc5IX1v2T+mJPWz4bt1fw4uL2+knLj69rDB +WjapJrlTLg4NRw90B+k/m3UKc/Yyz6O4YVgeW+k0ndEX89Db9CIT14QEkloTmzvO +QxLbRCLgI7nX7NrWSrjZ9e59WQ3EZ+KGFts+7cJWpm/GfuwZc8JkYy7eHn8eko3p +MhFyf5u4Gmz+ZWliEr1p5JfoIgqL5d7zcecNyWzyJ9liVg4n1xC3SnmclaufamqA ++I/KN81j1OqbLHwN8OwBNeuYqDsFak3bnK2L+MwCCubI8lC9Lmwebw3lwRPZVC70 +byOOVNADCDrk8JQyp2p/cY6hDbmgIuzfRH5Rx3Sb7DACxa5UmOBpNDOxKLaDBWWS +fey40FOow+cRyw== +=nmGM +-----END PGP PUBLIC KEY BLOCK----- diff --git a/test/integration/targets/apt_key/tasks/apt_key.yml b/test/integration/targets/apt_key/tasks/apt_key.yml index 0e01723755d..c316ce8d776 100644 --- a/test/integration/targets/apt_key/tasks/apt_key.yml +++ b/test/integration/targets/apt_key/tasks/apt_key.yml @@ -23,3 +23,25 @@ - 'apt_key_test0.changed is defined' - 'apt_key_test0.changed' - 'not apt_key_test1.changed' + +- name: Import Expired Key + apt_key: + data: "{{ lookup('ansible.builtin.file', 'expired_key.gpg') }}" + state: present + register: invalid_key_import + +- name: Check if key is imported + assert: + that: + - invalid_key_import.changed + +- name: Delete Expired Key + apt_key: + data: "{{ lookup('ansible.builtin.file', 'expired_key.gpg') }}" + state: absent + register: invalid_key_delete + +- name: Check if key is deleted + assert: + that: + - invalid_key_delete.changed