From 6361eacbf0dd56e0171aa26654f2a29a3baf050f Mon Sep 17 00:00:00 2001
From: joschneider <jott.ess@web.de>
Date: Tue, 21 Jan 2020 10:56:59 +0100
Subject: [PATCH] repo gpg key id as a paramater

---
 roles/elastic-stack/ansible-elasticsearch/defaults/main.yml | 1 +
 roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml  | 2 +-
 roles/elastic-stack/ansible-kibana/defaults/main.yml        | 1 +
 roles/elastic-stack/ansible-kibana/tasks/Debian.yml         | 2 +-
 roles/wazuh/ansible-filebeat/defaults/main.yml              | 1 +
 roles/wazuh/ansible-filebeat/tasks/Debian.yml               | 2 +-
 roles/wazuh/ansible-wazuh-agent/defaults/main.yml           | 1 +
 roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml            | 2 +-
 roles/wazuh/ansible-wazuh-manager/defaults/main.yml         | 1 +
 roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml          | 2 +-
 10 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
index 8b16fb18..1a737c04 100644
--- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
@@ -11,6 +11,7 @@ elasticrepo:
   apt: 'https://artifacts.elastic.co/packages/7.x/apt'
   yum: 'https://artifacts.elastic.co/packages/7.x/yum'
   gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+  kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
 
 # Cluster Settings
 single_node: true
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
index e908d63c..cfdbe342 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
@@ -31,7 +31,7 @@
 - name: Debian/Ubuntu | Add Elasticsearch GPG key.
   apt_key:
     url: "{{ elasticrepo.gpg }}"
-    id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
+    id: "{{ elasticrepo.kid }}"
     state: present
 
 - name: Debian/Ubuntu | Install Elastic repo
diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
index e741567a..07675f85 100644
--- a/roles/elastic-stack/ansible-kibana/defaults/main.yml
+++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml
@@ -13,6 +13,7 @@ elasticrepo:
   apt: 'https://artifacts.elastic.co/packages/7.x/apt'
   yum: 'https://artifacts.elastic.co/packages/7.x/yum'
   gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+  kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
 
 # API credentials
 wazuh_api_credentials:
diff --git a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
index 597a6354..ff4373dc 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
@@ -11,7 +11,7 @@
 - name: Debian/Ubuntu | Add Elasticsearch GPG key
   apt_key:
     url: "{{ elasticrepo.gpg }}"
-    id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
+    id: "{{ elasticrepo.kid }}"
     state: present
 
 - name: Debian/Ubuntu | Install Elastic repo
diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
index 7f49790e..5b655311 100644
--- a/roles/wazuh/ansible-filebeat/defaults/main.yml
+++ b/roles/wazuh/ansible-filebeat/defaults/main.yml
@@ -54,3 +54,4 @@ elasticrepo:
   apt: 'https://artifacts.elastic.co/packages/7.x/apt'
   yum: 'https://artifacts.elastic.co/packages/7.x/yum'
   gpg: 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+  kid: '46095ACC8548582C1A2699A9D27D666CD88E42B4'
diff --git a/roles/wazuh/ansible-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml
index 1a97d44f..bdd7dc51 100644
--- a/roles/wazuh/ansible-filebeat/tasks/Debian.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/Debian.yml
@@ -11,7 +11,7 @@
 - name: Debian/Ubuntu | Add Elasticsearch apt key.
   apt_key:
     url: "{{ elasticrepo.gpg }}"
-    id: 46095ACC8548582C1A2699A9D27D666CD88E42B4
+    id: "{{ elasticrepo.kid }}"
     state: present
 
 - name: Debian/Ubuntu | Add Filebeat repository.
diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 9db5406d..d92b07b4 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -60,6 +60,7 @@ wazuh_agent_config:
     apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
     yum: 'https://packages.wazuh.com/3.x/yum/'
     gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
   active_response:
     ar_disabled: 'no'
     ca_store: '/var/ossec/etc/wpk_root.pem'
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
index d3d12c22..452fbdf8 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -25,7 +25,7 @@
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key:
     url: "{{ wazuh_agent_config.repo.gpg }}"
-    id: 0DCFCA5547B19D2A6099506096B3EE5F29111145
+    id: "{{ wazuhrepo.kid }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
     - not wazuh_agent_sources_installation.enabled
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 638fa90b..fadc54f9 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -52,6 +52,7 @@ wazuh_manager_config:
     apt: 'deb https://packages.wazuh.com/3.x/apt/ stable main'
     yum: 'https://packages.wazuh.com/3.x/yum/'
     gpg: 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    kid: '0DCFCA5547B19D2A6099506096B3EE5F29111145'
   json_output: 'yes'
   alerts_log: 'yes'
   logall: 'no'
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index f47a3ef7..e4b69bcb 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -28,7 +28,7 @@
 - name: Debian/Ubuntu | Installing Wazuh repository key
   apt_key:
     url: "{{ wazuh_manager_config.repo.gpg }}"
-    id: 0DCFCA5547B19D2A6099506096B3EE5F29111145
+    id: "{{ wazuhrepo.kid }}"
   when:
     - not (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int == 14)
     - not wazuh_manager_sources_installation.enabled or not wazuh_api_sources_installation.enabled