From ef69ba2fadfd9c484a5b009b79c0d27ee282613d Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Thu, 9 Jun 2016 09:02:50 -0500
Subject: [PATCH] Add initial support for Red Hat Enterprise Linux 7
This patch adds initial support for Red Hat Enterprise Linux 7. Although it has been tested on release 7.2, it's not possible to test Red Hat Enterprise Linux in the OpenStack CI gate jobs. Release notes are included.
Change-Id: I62e06b9b105bc901eab6a019a378b29691862658
Partial-bug: 1588544
---
 .../rhel-gpg-check-0b483a824314d1b3.yaml | 7 ++++
 tasks/rpm.yml | 37 +++++++++++++++++--
 2 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/rhel-gpg-check-0b483a824314d1b3.yaml
diff --git a/releasenotes/notes/rhel-gpg-check-0b483a824314d1b3.yaml b/releasenotes/notes/rhel-gpg-check-0b483a824314d1b3.yaml
new file mode 100644
index 00000000..3ad7f458
--- /dev/null
+++ b/releasenotes/notes/rhel-gpg-check-0b483a824314d1b3.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ The GPG key checks for package verification in V-38476 are now working for
+ Red Hat Enterprise Linux 7 in addition to CentOS 7. The checks only look
+ for GPG keys from Red Hat and any other GPG keys, such as ones imported
+ from the EPEL repository, are skipped.
diff --git a/tasks/rpm.yml b/tasks/rpm.yml
index de556e48..9197d687 100644
--- a/tasks/rpm.yml
+++ b/tasks/rpm.yml
@@ -16,18 +16,49 @@
 - name: Check if CentOS 7 GPG keys are installed (for V-38476)
 command: rpm -qi gpg-pubkey-f4a80eb5-53a7ff4b
 register: v38476_result
- changed_when: "v38476_result.rc != 0"
+ changed_when: v38476_result | failed
 failed_when: False
 always_run: True
+ when:
+ - ansible_distribution == 'CentOS'
 tags:
 - package
 - cat1
 - V-38476
 
-- name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.
+- name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software. (CentOS)
 fail:
 msg: "Missing CentOS 7 GPG keys"
- when: "v38476_result.rc != 0"
+ when:
+ - ansible_distribution == 'CentOS'
+ - v38476_result | failed
+ tags:
+ - package
+ - cat1
+ - V-38476
+
+- name: Check if Red Hat Enterprise Linux 7 GPG keys are installed (for V-38476)
+ command: "rpm -qi {{ item }}"
+ register: v38476_result
+ changed_when: v38476_result | failed
+ failed_when: False
+ always_run: True
+ with_items:
+ - gpg-pubkey-fd431d51-4ae0493b
+ - gpg-pubkey-2fa658e0-45700c69
+ when:
+ - ansible_distribution == 'RedHat'
+ tags:
+ - package
+ - cat1
+ - V-38476
+
+- name: V-38476 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software. (Red Hat Enteprise Linux)
+ fail:
+ msg: "Missing Red Hat Enterprise Linux 7 GPG keys"
+ when:
+ - ansible_distribution == 'RedHat'
+ - v38476_result | failed
 tags:
 - package
 - cat1
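Review bot: The Red Hat `fail` task's `when: v38476_result | failed` reads the result of a `with_items` loop, and that condition looks like it can never be true, so a RHEL host missing either vendor key would pass V-38476 silently. As far as I can tell a looped `register` stores a wrapper with a `results` list and no top-level `rc`, and `failed_when: False` keeps every item from being marked failed, so there is nothing for `failed` to detect (confirm against the Ansible version the role targets). Checking both keys in one call avoids the loop and keeps `rc` meaningful: `command: rpm -qi gpg-pubkey-fd431d51-4ae0493b gpg-pubkey-2fa658e0-45700c69` with `with_items` dropped, since rpm exits non-zero when any queried package is absent. Both checks also register into `v38476_result`, which only works because each `fail` task runs before the next check overwrites it; a separate variable name per distribution would make that independent of task order. The last task's `tags` list continues past the end of the hunk.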