From d0a2a2e398d8fc143127258cd9ebb95efe48d45a Mon Sep 17 00:00:00 2001
From: Albin Vass <albin.vass@gmail.com>
Date: Fri, 15 May 2020 20:46:12 +0200
Subject: [PATCH] Make sure authorized_keys is not altered during a job

Change-Id: I5086fc7004c24813e4dae5a4c12037f237502d27
---
 playbooks/base/cleanup.yaml | 5 +++++
 playbooks/base/pre.yaml     | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/playbooks/base/cleanup.yaml b/playbooks/base/cleanup.yaml
index d793838..47f83fe 100644
--- a/playbooks/base/cleanup.yaml
+++ b/playbooks/base/cleanup.yaml
@@ -1,3 +1,8 @@
 - hosts: all
   roles:
     - remove-build-sshkey
+  tasks:
+    - name: Reinstall saved authorized_keys
+      copy:
+        src: "{{ zuul.executor.work_root }}/{{ inventory_hostname }}_authorized_keys"
+        dest: "{{ ansible_user_dir }}/.ssh/authorized_keys"
diff --git a/playbooks/base/pre.yaml b/playbooks/base/pre.yaml
index 0d1ed4b..8e53785 100644
--- a/playbooks/base/pre.yaml
+++ b/playbooks/base/pre.yaml
@@ -1,4 +1,9 @@
 - hosts: all
+  pre_tasks:
+    - name: Save authorized_keys
+      fetch:
+        src: "{{ ansible_user_dir }}/.ssh/authorized_keys"
+        dest: "{{ zuul.executor.work_root }}/{{ inventory_hostname }}_authorized_keys"
   roles:
     - add-build-sshkey
     - prepare-workspace