tests: Verify the defaults of this role do not change os defaults

.travis.yml

@@ -24,6 +24,9 @@ script:
   - wget https://raw.githubusercontent.com/ansible/galaxy/devel/galaxy/importer/linters/yamllint.yaml
   - "yamllint -c yamllint.yaml **/*.yml"
 
+  # Test 0.5: OS defaults: Travis images have heavily updated (even with invalid configuration options)
+  # sshd_config so it does not make sense to test OS defaults here
+
   # Test 1a: Run the role
   - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become -v"
 

tests/tests_os_defaults.yml

@@ -0,0 +1,38 @@
+---
+- hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+      - /etc/ssh/ssh_host_rsa_key
+      - /etc/ssh/ssh_host_rsa_key.pub
+  tasks:
+  - name: Backup configuration files
+    include_tasks: tasks/backup.yml
+
+  - name: Show effective configuration before running role (system defaults)
+    shell: >
+      if test ! -f /etc/ssh/ssh_host_rsa_key; then
+        ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
+      fi;
+      sshd -T
+    register: runtime_before
+  - name: Configure sshd
+    include_role:
+      name: ansible-sshd
+  - name: Show effective configuration after running role (role defaults)
+    shell: sshd -T
+    register: runtime_after
+  - debug:
+      var: ansible_facts['distribution']
+  - debug:
+      var: ansible_facts['distribution_major_version']
+  - name: Check that the effective configuration did not change from OS defaults
+    assert:
+      that:
+        - runtime_before.stdout == runtime_after.stdout
+    when:
+      - not (ansible_facts['distribution'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6')
+
+  - name: Restore configuration files
+    include_tasks: tasks/restore.yml