From 9aa94c643cf1aee642a33b6d05418ee81e58d583 Mon Sep 17 00:00:00 2001
From: shaerpour <amirhosseinshaerpour1@gmail.com>
Date: Sat, 31 May 2025 10:37:18 +0330
Subject: [PATCH] refactor: Check idempotency for re-create key with force
 option

---
 plugins/modules/ssh_key.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/plugins/modules/ssh_key.py b/plugins/modules/ssh_key.py
index c9e2f20..ffd8048 100644
--- a/plugins/modules/ssh_key.py
+++ b/plugins/modules/ssh_key.py
@@ -130,6 +130,7 @@ from ansible.module_utils.basic import AnsibleModule
 from ..module_utils.hcloud import AnsibleHCloud
 from ..module_utils.vendor.hcloud import HCloudException
 from ..module_utils.vendor.hcloud.ssh_keys import BoundSSHKey
+from ..module_utils.ssh import ssh_public_key_md5_fingerprint
 
 
 class AnsibleHCloudSSHKey(AnsibleHCloud):
@@ -189,11 +190,14 @@ class AnsibleHCloudSSHKey(AnsibleHCloud):
             self._mark_as_changed()
 
         force = self.module.params.get("force")
-        if force is not None and force:
-            if not self.module.check_mode:
-                self.hcloud_ssh_key.delete()
-                self._create_ssh_key()
-            self._mark_as_changed()
+        public_key = self.module.params.get("public_key")
+        if force is not None and public_key is not None and force:
+            fingerprint = ssh_public_key_md5_fingerprint(public_key)
+            if fingerprint != self.hcloud_ssh_key.fingerprint:
+                if not self.module.check_mode:
+                    self.hcloud_ssh_key.delete()
+                    self._create_ssh_key()
+                self._mark_as_changed()
         self._get_ssh_key()
 
     def present_ssh_key(self):