diff options
Diffstat (limited to 'test/integration/targets/subversion')
19 files changed, 455 insertions, 0 deletions
diff --git a/test/integration/targets/subversion/aliases b/test/integration/targets/subversion/aliases new file mode 100644 index 0000000..23ada3c --- /dev/null +++ b/test/integration/targets/subversion/aliases @@ -0,0 +1,7 @@ +setup/always/setup_passlib +shippable/posix/group2 +skip/osx +skip/macos +skip/rhel/9.0b # svn checkout hangs +destructive +needs/root diff --git a/test/integration/targets/subversion/roles/subversion/defaults/main.yml b/test/integration/targets/subversion/roles/subversion/defaults/main.yml new file mode 100644 index 0000000..e647d59 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/defaults/main.yml @@ -0,0 +1,10 @@ +--- +apache_port: 11386 # cannot use 80 as httptester overrides this +subversion_test_dir: /tmp/ansible-svn-test-dir +subversion_server_dir: /tmp/ansible-svn # cannot use a path in the home dir without userdir or granting exec permission to the apache user +subversion_repo_name: ansible-test-repo +subversion_repo_url: http://127.0.0.1:{{ apache_port }}/svn/{{ subversion_repo_name }} +subversion_repo_auth_url: http://127.0.0.1:{{ apache_port }}/svnauth/{{ subversion_repo_name }} +subversion_username: subsvn_user''' +subversion_password: Password123! +subversion_external_repo_url: https://github.com/ansible/ansible.github.com # GitHub serves SVN diff --git a/test/integration/targets/subversion/roles/subversion/files/create_repo.sh b/test/integration/targets/subversion/roles/subversion/files/create_repo.sh new file mode 100644 index 0000000..cc7f407 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/files/create_repo.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +svnadmin create "$1" +svn mkdir "file://$PWD/$1/trunk" -m "make trunk" +svn mkdir "file://$PWD/$1/tags" -m "make tags" +svn mkdir "file://$PWD/$1/branches" -m "make branches" diff --git a/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml b/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml new file mode 100644 index 0000000..9be43b4 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml @@ -0,0 +1,8 @@ +--- +- name: stop apache after tests + shell: "kill -9 $(cat '{{ subversion_server_dir }}/apache.pid')" + +- name: remove tmp subversion server dir + file: + path: '{{ subversion_server_dir }}' + state: absent diff --git a/test/integration/targets/subversion/roles/subversion/tasks/main.yml b/test/integration/targets/subversion/roles/subversion/tasks/main.yml new file mode 100644 index 0000000..0d6acb8 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- name: setup subversion server + import_tasks: setup.yml + tags: setup + +- name: verify that subversion is installed so this test can continue + shell: which svn + tags: always + +- name: run tests + import_tasks: tests.yml + tags: tests + +- name: run warning + import_tasks: warnings.yml + tags: warnings + +- name: clean up + import_tasks: cleanup.yml + tags: cleanup diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml new file mode 100644 index 0000000..3cf5af5 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml @@ -0,0 +1,72 @@ +--- +- name: clean out the checkout dir + file: + path: '{{ subversion_test_dir }}' + state: '{{ item }}' + loop: + - absent + - directory + +- name: install SVN pre-reqs + package: + name: '{{ subversion_packages }}' + state: present + when: ansible_distribution != 'Alpine' + +- name: install SVN pre-reqs - Alpine + command: 'apk add -U -u {{ subversion_packages|join(" ") }}' + when: ansible_distribution == 'Alpine' + +- name: upgrade SVN pre-reqs + package: + name: '{{ upgrade_packages }}' + state: latest + when: + - upgrade_packages | default([]) + +- name: create SVN home folder + file: + path: '{{ subversion_server_dir }}' + state: directory + +- name: setup selinux when enabled + include_tasks: setup_selinux.yml + when: ansible_selinux.status == "enabled" + +- name: template out configuration file + template: + src: subversion.conf.j2 + dest: '{{ subversion_server_dir }}/subversion.conf' + +- name: create a test repository + script: create_repo.sh {{ subversion_repo_name }} + args: + chdir: '{{ subversion_server_dir }}' + creates: '{{ subversion_server_dir }}/{{ subversion_repo_name }}' + +- name: add test user to htpasswd for Subversion site + htpasswd: + path: '{{ subversion_server_dir }}/svn-auth-users' + name: '{{ subversion_username }}' + password: '{{ subversion_password }}' + state: present + +- name: apply ownership for all SVN directories + file: + path: '{{ subversion_server_dir }}' + owner: '{{ apache_user }}' + group: '{{ apache_group }}' + recurse: True + +- name: start test Apache SVN site - non Red Hat + command: apachectl -k start -f {{ subversion_server_dir }}/subversion.conf + async: 3600 # We kill apache manually in the clean up phase + poll: 0 + when: ansible_os_family not in ['RedHat', 'Alpine'] + +# On Red Hat based OS', we can't use apachectl to start up own instance, just use the raw httpd +- name: start test Apache SVN site - Red Hat + command: httpd -k start -f {{ subversion_server_dir }}/subversion.conf + async: 3600 # We kill apache manually in the clean up phase + poll: 0 + when: ansible_os_family in ['RedHat', 'Alpine'] diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml new file mode 100644 index 0000000..a9ffa71 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml @@ -0,0 +1,11 @@ +- name: set SELinux security context for SVN folder + sefcontext: + target: '{{ subversion_server_dir }}(/.*)?' + setype: '{{ item }}' + state: present + with_items: + - httpd_sys_content_t + - httpd_sys_rw_content_t + +- name: apply new SELinux context to filesystem + command: restorecon -irv {{ subversion_server_dir | quote }} diff --git a/test/integration/targets/subversion/roles/subversion/tasks/tests.yml b/test/integration/targets/subversion/roles/subversion/tasks/tests.yml new file mode 100644 index 0000000..b8f85d9 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/tasks/tests.yml @@ -0,0 +1,145 @@ +# test code for the svn module +# (c) 2014, Michael DeHaan <michael.dehaan@gmail.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# checks out every branch so using a small repo + +- name: initial checkout + subversion: + repo: '{{ subversion_repo_url }}' + dest: '{{ subversion_test_dir }}/svn' + register: subverted + +- name: check if dir was checked out + stat: + path: '{{ subversion_test_dir }}/svn' + register: subverted_result + +# FIXME: the before/after logic here should be fixed to make them hashes, see GitHub 6078 +# looks like this: { +# "after": [ +# "Revision: 9", +# "URL: https://github.com/jimi-c/test_role" +# ], +# "before": null, +# "changed": true, +# "item": "" +# } +- name: verify information about the initial clone + assert: + that: + - "'after' in subverted" + - "subverted.after.1 == 'URL: ' ~ subversion_repo_url" + - "not subverted.before" + - "subverted.changed" + - subverted_result.stat.exists + +- name: repeated checkout + subversion: + repo: '{{ subversion_repo_url }}' + dest: '{{ subversion_test_dir }}/svn' + register: subverted2 + +- name: verify on a reclone things are marked unchanged + assert: + that: + - "not subverted2.changed" + +- name: check for tags + stat: path={{ subversion_test_dir }}/svn/tags + register: tags + +- name: check for trunk + stat: path={{ subversion_test_dir }}/svn/trunk + register: trunk + +- name: check for branches + stat: path={{ subversion_test_dir }}/svn/branches + register: branches + +- name: assert presence of tags/trunk/branches + assert: + that: + - "tags.stat.isdir" + - "trunk.stat.isdir" + - "branches.stat.isdir" + +- name: remove checked out repo + file: + path: '{{ subversion_test_dir }}/svn' + state: absent + +- name: checkout with quotes in username + subversion: + repo: '{{ subversion_repo_auth_url }}' + dest: '{{ subversion_test_dir }}/svn' + username: '{{ subversion_username }}' + password: '{{ subversion_password }}' + register: subverted3 + +- name: get result of checkout with quotes in username + stat: + path: '{{ subversion_test_dir }}/svn' + register: subverted3_result + +- name: assert checkout with quotes in username + assert: + that: + - subverted3 is changed + - subverted3_result.stat.exists + - subverted3_result.stat.isdir + +- name: checkout with export + subversion: + repo: '{{ subversion_repo_url }}' + dest: '{{ subversion_test_dir }}/svn-export' + export: True + register: subverted4 + +- name: check for tags + stat: path={{ subversion_test_dir }}/svn-export/tags + register: export_tags + +- name: check for trunk + stat: path={{ subversion_test_dir }}/svn-export/trunk + register: export_trunk + +- name: check for branches + stat: path={{ subversion_test_dir }}/svn-export/branches + register: export_branches + +- name: assert presence of tags/trunk/branches in export + assert: + that: + - "export_tags.stat.isdir" + - "export_trunk.stat.isdir" + - "export_branches.stat.isdir" + - "subverted4.changed" + +- name: clone a small external repo with validate_certs=true + subversion: + repo: "{{ subversion_external_repo_url }}" + dest: "{{ subversion_test_dir }}/svn-external1" + validate_certs: yes + +- name: clone a small external repo with validate_certs=false + subversion: + repo: "{{ subversion_external_repo_url }}" + dest: "{{ subversion_test_dir }}/svn-external2" + validate_certs: no + +# TBA: test for additional options or URL variants welcome diff --git a/test/integration/targets/subversion/roles/subversion/tasks/warnings.yml b/test/integration/targets/subversion/roles/subversion/tasks/warnings.yml new file mode 100644 index 0000000..50ebd44 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/tasks/warnings.yml @@ -0,0 +1,7 @@ +--- +- name: checkout using a password to test for a warning when using svn lt 1.10.0 + subversion: + repo: '{{ subversion_repo_auth_url }}' + dest: '{{ subversion_test_dir }}/svn' + username: '{{ subversion_username }}' + password: '{{ subversion_password }}' diff --git a/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 new file mode 100644 index 0000000..86f4070 --- /dev/null +++ b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 @@ -0,0 +1,71 @@ +{% if ansible_os_family == "Debian" %} + +{# On Ubuntu 16.04 we can include the default config, other versions require explicit config #} +{% if ansible_distribution_version == "16.04" %} +Include /etc/apache2/apache2.conf + +{% else %} +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +HostnameLookups Off +LogLevel warn +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf +IncludeOptional conf-enabled/*.conf +IncludeOptional sites-enabled/*conf + +<FilesMatch "^\.ht"> + Require all denied +</FilesMatch> + +{% endif %} + +{% elif ansible_os_family == "FreeBSD" %} +Include /usr/local/etc/apache24/httpd.conf +LoadModule dav_module libexec/apache24/mod_dav.so +LoadModule dav_svn_module libexec/apache24/mod_dav_svn.so +LoadModule authz_svn_module libexec/apache24/mod_authz_svn.so +{% elif ansible_os_family == "Suse" %} +Include /etc/apache2/httpd.conf +LoadModule dav_module /usr/lib64/apache2/mod_dav.so +LoadModule dav_svn_module /usr/lib64/apache2/mod_dav_svn.so +{% elif ansible_os_family == "Alpine" %} +Include /etc/apache2/httpd.conf +LoadModule dav_module /usr/lib/apache2/mod_dav.so +LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so +{% elif ansible_os_family == "RedHat" %} +Include /etc/httpd/conf/httpd.conf +{% endif %} + +PidFile {{ subversion_server_dir }}/apache.pid +Listen 127.0.0.1:{{ apache_port }} +ErrorLog {{ subversion_server_dir }}/apache2-error.log + +<Location /svn> + DAV svn + SVNParentPath {{ subversion_server_dir }} +{% if ansible_distribution == "CentOS" and ansible_distribution_version.startswith("6") %} + Allow from all +{% else %} + Require all granted +{% endif %} +</Location> + +<Location /svnauth> + DAV svn + SVNParentPath {{ subversion_server_dir }} + AuthType Basic + AuthName "Subversion repositories" + AuthUserFile {{ subversion_server_dir }}/svn-auth-users + Require valid-user +</Location> diff --git a/test/integration/targets/subversion/runme.sh b/test/integration/targets/subversion/runme.sh new file mode 100755 index 0000000..8a4f0d0 --- /dev/null +++ b/test/integration/targets/subversion/runme.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash + +set -eux -o pipefail + +cleanup() { + echo "Cleanup" + ansible-playbook runme.yml -i "${INVENTORY_PATH}" "$@" --tags cleanup + echo "Done" +} + +trap cleanup INT TERM EXIT + +export ANSIBLE_ROLES_PATH=roles/ + +# Ensure subversion is set up +ansible-playbook runme.yml -i "${INVENTORY_PATH}" "$@" -v --tags setup + +# Test functionality +ansible-playbook runme.yml -i "${INVENTORY_PATH}" "$@" -v --tags tests + +# Test a warning is displayed for versions < 1.10.0 when a password is provided +ansible-playbook runme.yml -i "${INVENTORY_PATH}" "$@" --tags warnings 2>&1 | tee out.txt + +version=$(ANSIBLE_FORCE_COLOR=0 ansible -i "${INVENTORY_PATH}" -m shell -a 'svn --version -q' testhost 2>/dev/null | tail -n 1) + +echo "svn --version is '${version}'" + +secure=$(python -c "from ansible.module_utils.compat.version import LooseVersion; print(LooseVersion('$version') >= LooseVersion('1.10.0'))") + +if [[ "${secure}" = "False" ]] && [[ "$(grep -c 'To securely pass credentials, upgrade svn to version 1.10.0' out.txt)" -eq 1 ]]; then + echo "Found the expected warning" +elif [[ "${secure}" = "False" ]]; then + echo "Expected a warning" + exit 1 +fi diff --git a/test/integration/targets/subversion/runme.yml b/test/integration/targets/subversion/runme.yml new file mode 100644 index 0000000..71c5e4b --- /dev/null +++ b/test/integration/targets/subversion/runme.yml @@ -0,0 +1,15 @@ +--- +- hosts: testhost + tasks: + - name: load OS specific vars + include_vars: '{{ item }}' + with_first_found: + - files: + - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml' + - '{{ ansible_os_family }}.yml' + paths: '../vars' + tags: always + + - include_role: + name: subversion + tags: always diff --git a/test/integration/targets/subversion/vars/Alpine.yml b/test/integration/targets/subversion/vars/Alpine.yml new file mode 100644 index 0000000..ce071fd --- /dev/null +++ b/test/integration/targets/subversion/vars/Alpine.yml @@ -0,0 +1,7 @@ +--- +subversion_packages: +- subversion +- mod_dav_svn +- apache2-webdav +apache_user: apache +apache_group: apache diff --git a/test/integration/targets/subversion/vars/Debian.yml b/test/integration/targets/subversion/vars/Debian.yml new file mode 100644 index 0000000..dfe131b --- /dev/null +++ b/test/integration/targets/subversion/vars/Debian.yml @@ -0,0 +1,6 @@ +--- +subversion_packages: +- subversion +- libapache2-mod-svn +apache_user: www-data +apache_group: www-data diff --git a/test/integration/targets/subversion/vars/FreeBSD.yml b/test/integration/targets/subversion/vars/FreeBSD.yml new file mode 100644 index 0000000..153f523 --- /dev/null +++ b/test/integration/targets/subversion/vars/FreeBSD.yml @@ -0,0 +1,7 @@ +--- +subversion_packages: +- apache24 +- mod_dav_svn +- subversion +apache_user: www +apache_group: www diff --git a/test/integration/targets/subversion/vars/RedHat.yml b/test/integration/targets/subversion/vars/RedHat.yml new file mode 100644 index 0000000..3e3f910 --- /dev/null +++ b/test/integration/targets/subversion/vars/RedHat.yml @@ -0,0 +1,10 @@ +--- +subversion_packages: +- mod_dav_svn +- subversion +upgrade_packages: +# prevent sqlite from being out-of-sync with the version subversion was compiled with +- subversion +- sqlite +apache_user: apache +apache_group: apache diff --git a/test/integration/targets/subversion/vars/Suse.yml b/test/integration/targets/subversion/vars/Suse.yml new file mode 100644 index 0000000..eab906e --- /dev/null +++ b/test/integration/targets/subversion/vars/Suse.yml @@ -0,0 +1,6 @@ +--- +subversion_packages: +- subversion +- subversion-server +apache_user: wwwrun +apache_group: www diff --git a/test/integration/targets/subversion/vars/Ubuntu-18.yml b/test/integration/targets/subversion/vars/Ubuntu-18.yml new file mode 100644 index 0000000..dfe131b --- /dev/null +++ b/test/integration/targets/subversion/vars/Ubuntu-18.yml @@ -0,0 +1,6 @@ +--- +subversion_packages: +- subversion +- libapache2-mod-svn +apache_user: www-data +apache_group: www-data diff --git a/test/integration/targets/subversion/vars/Ubuntu-20.yml b/test/integration/targets/subversion/vars/Ubuntu-20.yml new file mode 100644 index 0000000..dfe131b --- /dev/null +++ b/test/integration/targets/subversion/vars/Ubuntu-20.yml @@ -0,0 +1,6 @@ +--- +subversion_packages: +- subversion +- libapache2-mod-svn +apache_user: www-data +apache_group: www-data |