tests: Implement backup & restore of important files for separate tests

.travis.yml

@@ -27,12 +27,12 @@ script:
   # Test 1a: Run the role
   - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become -v"
 
-  # Test 1b: Run the role through include
+  # Test 1b: Run the role through include (skipping backup)
-  - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default_include.yml --connection=local --become -v"
+  - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default_include.yml -e sshd_test_backup_skip=yes --connection=local --become -v"
 
-  # Test 2: Run the role/playbook again, checking to make sure it's idempotent.
+  # Test 2: Run the role/playbook again, checking to make sure it's idempotent (skipping backup)
   - >
-    ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become | grep -q 'changed=0.*failed=0'
+    ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local -e sshd_test_backup_skip=yes --become | grep -q 'changed=0.*failed=0'
     && (echo 'Idempotence test: pass' && exit 0)
     || (echo 'Idempotence test: fail' && exit 1)
 

tests/tasks/backup.yml

@@ -0,0 +1,25 @@
+---
+- name: Create a temporary directory for backup files
+  tempfile:
+    state: directory
+  register: __sshd_test_backup
+  changed_when: False
+  when:
+    - sshd_test_backup_skip is not defined
+
+- name: Make sure openssh is installed before creating backup
+  package:
+    name: openssh-server
+    state: present
+
+- name: Backup files
+  shell: >
+    if test -f {{ item }}; then
+      mkdir -p {{ __sshd_test_backup.path }}/$(dirname {{ item }});
+      cp {{ item }} {{ __sshd_test_backup.path }}/$(dirname {{ item }})
+    fi
+  changed_when: False
+  loop: "{{ __sshd_test_backup_files | d([]) }}"
+  when:
+    - __sshd_test_backup is defined
+    - __sshd_test_backup.path is defined

tests/tasks/restore.yml

@@ -0,0 +1,34 @@
+---
+- name: Restore backed up files and remove what was not present
+  shell: >
+    if test -f {{ __sshd_test_backup.path }}/{{ item }}; then
+      cp {{ __sshd_test_backup.path }}/{{ item }} $(dirname {{ item }})
+    elif test -f {{ item }}; then
+      rm {{ item }}
+    fi
+  changed_when: False
+  loop: "{{ __sshd_test_backup_files | d([]) }}"
+  when:
+    - __sshd_test_backup is defined
+    - __sshd_test_backup.path is defined
+
+- name: Remove temporary directory for backup files
+  file:
+    path: "{{ __sshd_test_backup.path }}"
+    state: absent
+  changed_when: False
+  when:
+    - __sshd_test_backup is defined
+    - __sshd_test_backup.path is defined
+
+- name: Restart sshd service
+  service:
+    name: sshd
+    state: reloaded
+  changed_when: False
+  when:
+    - __sshd_test_backup is defined
+    - ansible_virtualization_type|default(None) != 'docker'
+    - ansible_virtualization_type|default(None) != 'VirtualPC' # for Github Actions
+    - ansible_connection != 'chroot'
+    - ansible_os_family != 'AIX'

tests/tests_alternative_file.yml

@@ -1,6 +1,15 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+      - /etc/ssh/sshd_config_custom
+      - /etc/ssh/sshd_config_custom_second
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure alternative sshd_config file
     include_role:
       name: ansible-sshd
@@ -90,3 +99,6 @@
             - "'MaxStartups 100' not in config3.content | b64decode"
             - "'Compression no' not in config3.content | b64decode"
     tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_default.yml

@@ -1,4 +1,22 @@
 ---
+- hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+  tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
 - hosts: all
   roles:
   - ansible-sshd
+
+- hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+  tasks:
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_default_include.yml

@@ -1,6 +1,16 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: "Configure sshd"
     include_role:
       name: ansible-sshd
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_hostkeys.yml

@@ -1,6 +1,14 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+      - /tmp/ssh_host_ed25519_key
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Remove host key before the test
     file:
       path: /tmp/ssh_host_ed25519_key
@@ -68,3 +76,6 @@
             - privkey.stat.mode == '0664'
             - pubkey.stat.exists
     tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_hostkeys_missing.yml

@@ -1,6 +1,14 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+      - /tmp/missing_ssh_host_rsa_key
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure sshd with missing host keys and prevent their creation
     block:
       - name: Configure missing hostkey
@@ -24,10 +32,23 @@
             - ansible_failed_result.msg != 'UNREACH'
             - not role_result.changed
           msg: "Role has not failed when it should have"
+    tags: tests::verify
 
-      - name: Make sure service is still running
+  - name: Make sure the key was not created
-        service:
+    file:
-          name: sshd
+      path: /tmp/missing_ssh_host_rsa_key
-          state: started
+      state: missing
-        register: result
+    register: key
-        failed_when: result.changed
+    failed_when: key.changed
+    tags: tests::verify
+
+  - name: Make sure service is still running
+    service:
+      name: sshd
+      state: started
+    register: result
+    failed_when: result.changed
+    tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_match.yml

@@ -1,6 +1,13 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure sshd
     include_role:
       name: ansible-sshd
@@ -79,3 +86,6 @@
             - "'Match User sftponly' in config.content | b64decode"
             - "'Match User root' in config.content | b64decode"
     tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_match_iterate.yml

@@ -1,6 +1,13 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure sshd
     include_role:
       name: ansible-sshd
@@ -77,3 +84,6 @@
             - "'Match User sftponly' in config.content | b64decode"
             - "'Match User root' in config.content | b64decode"
     tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_set_common.yml

@@ -1,6 +1,13 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure sshd
     include_role:
       name: ansible-sshd
@@ -42,3 +49,6 @@
             - "'Ciphers aes256-gcm@openssh.com' in config.content | b64decode"
             - "'Subsystem sftp internal-sftp' in config.content | b64decode"
     tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_set_uncommon.yml

@@ -1,6 +1,13 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure sshd with uncommon options, making sure it keeps running
     block:
       - name: Configure ssh with unsupported options
@@ -42,9 +49,13 @@
             - not role_result.changed
           msg: "Role has not failed when it should have"
 
-      - name: Make sure service is still running
+  - name: Make sure service is still running
-        service:
+    service:
-          name: sshd
+      name: sshd
-          state: started
+      state: started
-        register: result
+    register: result
-        failed_when: result.changed
+    failed_when: result.changed
+    tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml

tests/tests_sysconfig.yml

@@ -1,6 +1,14 @@
 ---
 - hosts: all
+  vars:
+    __sshd_test_backup_files:
+      - /etc/ssh/sshd_config
+      - /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+      - /etc/sysconfig/sshd
   tasks:
+  - name: "Backup configuration files"
+    include_tasks: tasks/backup.yml
+
   - name: Configure sshd
     include_role:
       name: ansible-sshd
@@ -39,3 +47,6 @@
           - ansible_facts['os_family'] == "RedHat"
           - ansible_facts['distribution'] != 'Fedora'
     tags: tests::verify
+
+  - name: "Restore configuration files"
+    include_tasks: tasks/restore.yml