---
- name: Find out whether to set repo_gpgcheck or not
  set_fact:
    do_zypper_repo_gpgcheck: >-
      {{ datadog_zypper_repo_gpgcheck if datadog_zypper_repo_gpgcheck != '' else (
        'yes' if datadog_zypper_repo == '' and datadog_agent_major_version|int != 5 else 'no'
      ) }}

- block:  # Work around due to SNI check for SLES11
  - name: Stat if current RPM key already exists
    stat:
      path: /tmp/DATADOG_RPM_KEY_CURRENT.public
    register: ddkeycurrent
  - name: Download current RPM key (SLES11)
    get_url:
      url: "{{ datadog_zypper_gpgkey_current }}"
      dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
      force: yes
    when: not ddkeycurrent.stat.exists
  when: ansible_distribution_version|int == 11

- name: Download current RPM key
  get_url:
    url: "{{ datadog_zypper_gpgkey_current }}"
    dest: /tmp/DATADOG_RPM_KEY_CURRENT.public
    force: yes
  when: ansible_distribution_version|int >= 12

- name: Import current RPM key
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY_CURRENT.public
    state: present
  when: not ansible_check_mode

# Do not import old key if installing Agent 7, as all Agent 7 packages are signed with the new key
- block:  # Work around due to SNI check for SLES11
  - name: Stat if RPM key already exists
    stat:
      path: /tmp/DATADOG_RPM_KEY.public
    register: ddkey
  - name: Download RPM key (SLES11)
    get_url:
      url: "{{ datadog_zypper_gpgkey }}"
      dest: /tmp/DATADOG_RPM_KEY.public
    when: not ddkey.stat.exists
  when: datadog_agent_major_version|int < 7 and ansible_distribution_version|int == 11

# Do not import old key if installing Agent 7, as all Agent 7 packages are signed with the new key
- name: Download RPM key
  get_url:
    url: "{{ datadog_zypper_gpgkey }}"
    dest: /tmp/DATADOG_RPM_KEY.public
    checksum: "sha256:{{ datadog_zypper_gpgkey_sha256sum }}"
  when: datadog_agent_major_version|int < 7 and ansible_distribution_version|int >= 12

- name: Import RPM key
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY.public
    state: present
  when: datadog_agent_major_version|int < 7 and not ansible_check_mode

- block:  # Work around due to SNI check for SLES11
  - name: Stat if E09422B3 key (Expires 2022) RPM key already exists
    stat:
      path: /tmp/DATADOG_RPM_KEY_E09422B3.public
    register: ddnewkey
  - name: Download E09422B3 key (Expires 2022) RPM key (SLES11)
    get_url:
      url: "{{ datadog_zypper_gpgkey_e09422b3 }}"
      dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
    when: not ddnewkey.stat.exists
  when: ansible_distribution_version|int == 11

- name: Download E09422B3 key (Expires 2022) RPM key
  get_url:
    url: "{{ datadog_zypper_gpgkey_e09422b3 }}"
    dest: /tmp/DATADOG_RPM_KEY_E09422B3.public
    checksum: "sha256:{{ datadog_zypper_gpgkey_e09422b3_sha256sum }}"
  when: ansible_distribution_version|int >= 12

- name: Import E09422B3 key (Expires 2022) RPM key
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY_E09422B3.public
    state: present
  when: not ansible_check_mode

- block:  # Work around due to SNI check for SLES11
  - name: Stat if 20200908 key (Expires 2024) RPM key already exists
    stat:
      path: /tmp/DATADOG_RPM_KEY_20200908.public
    register: ddnewkey_20200908
  - name: Download 20200908 key (Expires 2024) RPM key (SLES11)
    get_url:
      url: "{{ datadog_zypper_gpgkey_20200908 }}"
      dest: /tmp/DATADOG_RPM_KEY_20200908.public
    when: not  ddnewkey_20200908.stat.exists
  when: ansible_distribution_version|int == 11

- name: Download 20200908 key (Expires 2024) RPM key
  get_url:
    url: "{{ datadog_zypper_gpgkey_20200908 }}"
    dest: /tmp/DATADOG_RPM_KEY_20200908.public
    checksum: "sha256:{{ datadog_zypper_gpgkey_20200908_sha256sum }}"
  when: ansible_distribution_version|int >= 12

- name: Import 20200908 key (Expires 2024) RPM key
  rpm_key:
    key: /tmp/DATADOG_RPM_KEY_20200908.public
    state: present
  when: not ansible_check_mode

# ansible don't allow repo_gpgcheck to be set, we have to create the repo file manually
- name: Install DataDog zypper repo
  template:
    src: zypper.repo.j2
    dest: /etc/zypp/repos.d/datadog.repo
    owner: "root"
    group: "root"
    mode: 0644
  register: datadog_zypper_repo

# refresh zypper repos only if the template changed
- name: refresh Datadog zypper_repos  # noqa 503
  command: zypper refresh datadog
  when: datadog_zypper_repo.changed and not ansible_check_mode
  args:
    warn: false  # silence warning about using zypper directly

- include_tasks: pkg-suse/install-pinned.yml
  when: datadog_agent_suse_version is defined

- include_tasks: pkg-suse/install-latest.yml
  when: datadog_agent_suse_version is not defined