From 8a754e0858d922e955e71b253c139e071ecec432 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 18:04:21 +0200
Subject: Adding upstream version 2.14.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../subversion/roles/subversion/defaults/main.yml  |  10 ++
 .../roles/subversion/files/create_repo.sh          |   6 +
 .../subversion/roles/subversion/tasks/cleanup.yml  |   8 ++
 .../subversion/roles/subversion/tasks/main.yml     |  20 +++
 .../subversion/roles/subversion/tasks/setup.yml    |  72 ++++++++++
 .../roles/subversion/tasks/setup_selinux.yml       |  11 ++
 .../subversion/roles/subversion/tasks/tests.yml    | 145 +++++++++++++++++++++
 .../subversion/roles/subversion/tasks/warnings.yml |   7 +
 .../roles/subversion/templates/subversion.conf.j2  |  71 ++++++++++
 9 files changed, 350 insertions(+)
 create mode 100644 test/integration/targets/subversion/roles/subversion/defaults/main.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/files/create_repo.sh
 create mode 100644 test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/tasks/main.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/tasks/setup.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/tasks/tests.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/tasks/warnings.yml
 create mode 100644 test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2

(limited to 'test/integration/targets/subversion/roles')

diff --git a/test/integration/targets/subversion/roles/subversion/defaults/main.yml b/test/integration/targets/subversion/roles/subversion/defaults/main.yml
new file mode 100644
index 0000000..e647d59
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+apache_port: 11386  # cannot use 80 as httptester overrides this
+subversion_test_dir: /tmp/ansible-svn-test-dir
+subversion_server_dir: /tmp/ansible-svn  # cannot use a path in the home dir without userdir or granting exec permission to the apache user
+subversion_repo_name: ansible-test-repo
+subversion_repo_url: http://127.0.0.1:{{ apache_port }}/svn/{{ subversion_repo_name }}
+subversion_repo_auth_url: http://127.0.0.1:{{ apache_port }}/svnauth/{{ subversion_repo_name }}
+subversion_username: subsvn_user'''
+subversion_password: Password123!
+subversion_external_repo_url: https://github.com/ansible/ansible.github.com  # GitHub serves SVN
diff --git a/test/integration/targets/subversion/roles/subversion/files/create_repo.sh b/test/integration/targets/subversion/roles/subversion/files/create_repo.sh
new file mode 100644
index 0000000..cc7f407
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/files/create_repo.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+svnadmin create "$1"
+svn mkdir "file://$PWD/$1/trunk" -m "make trunk"
+svn mkdir "file://$PWD/$1/tags" -m "make tags"
+svn mkdir "file://$PWD/$1/branches" -m "make branches"
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml b/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml
new file mode 100644
index 0000000..9be43b4
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+- name: stop apache after tests
+  shell: "kill -9 $(cat '{{ subversion_server_dir }}/apache.pid')"
+
+- name: remove tmp subversion server dir
+  file:
+    path: '{{ subversion_server_dir }}'
+    state: absent
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/main.yml b/test/integration/targets/subversion/roles/subversion/tasks/main.yml
new file mode 100644
index 0000000..0d6acb8
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: setup subversion server
+  import_tasks: setup.yml
+  tags: setup
+
+- name: verify that subversion is installed so this test can continue
+  shell: which svn
+  tags: always
+
+- name: run tests
+  import_tasks: tests.yml
+  tags: tests
+
+- name: run warning
+  import_tasks: warnings.yml
+  tags: warnings
+
+- name: clean up
+  import_tasks: cleanup.yml
+  tags: cleanup
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml
new file mode 100644
index 0000000..3cf5af5
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml
@@ -0,0 +1,72 @@
+---
+- name: clean out the checkout dir
+  file:
+    path: '{{ subversion_test_dir }}'
+    state: '{{ item }}'
+  loop:
+  - absent
+  - directory
+
+- name: install SVN pre-reqs
+  package:
+    name: '{{ subversion_packages }}'
+    state: present
+  when: ansible_distribution != 'Alpine'
+
+- name: install SVN pre-reqs - Alpine
+  command: 'apk add -U -u {{ subversion_packages|join(" ") }}'
+  when: ansible_distribution == 'Alpine'
+
+- name: upgrade SVN pre-reqs
+  package:
+    name: '{{ upgrade_packages }}'
+    state: latest
+  when:
+    - upgrade_packages | default([])
+
+- name: create SVN home folder
+  file:
+    path: '{{ subversion_server_dir }}'
+    state: directory
+
+- name: setup selinux when enabled
+  include_tasks: setup_selinux.yml
+  when: ansible_selinux.status == "enabled"
+
+- name: template out configuration file
+  template:
+    src: subversion.conf.j2
+    dest: '{{ subversion_server_dir }}/subversion.conf'
+
+- name: create a test repository
+  script: create_repo.sh {{ subversion_repo_name }}
+  args:
+    chdir: '{{ subversion_server_dir }}'
+    creates: '{{ subversion_server_dir }}/{{ subversion_repo_name }}'
+
+- name: add test user to htpasswd for Subversion site
+  htpasswd:
+    path: '{{ subversion_server_dir }}/svn-auth-users'
+    name: '{{ subversion_username }}'
+    password: '{{ subversion_password }}'
+    state: present
+
+- name: apply ownership for all SVN directories
+  file:
+    path: '{{ subversion_server_dir }}'
+    owner: '{{ apache_user }}'
+    group: '{{ apache_group }}'
+    recurse: True
+
+- name: start test Apache SVN site - non Red Hat
+  command: apachectl -k start -f {{ subversion_server_dir }}/subversion.conf
+  async: 3600  # We kill apache manually in the clean up phase
+  poll: 0
+  when: ansible_os_family not in ['RedHat', 'Alpine']
+
+# On Red Hat based OS', we can't use apachectl to start up own instance, just use the raw httpd
+- name: start test Apache SVN site - Red Hat
+  command: httpd -k start -f {{ subversion_server_dir }}/subversion.conf
+  async: 3600  # We kill apache manually in the clean up phase
+  poll: 0
+  when: ansible_os_family in ['RedHat', 'Alpine']
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml
new file mode 100644
index 0000000..a9ffa71
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/tasks/setup_selinux.yml
@@ -0,0 +1,11 @@
+- name: set SELinux security context for SVN folder
+  sefcontext:
+    target: '{{ subversion_server_dir }}(/.*)?'
+    setype: '{{ item }}'
+    state: present
+  with_items:
+  - httpd_sys_content_t
+  - httpd_sys_rw_content_t
+
+- name: apply new SELinux context to filesystem
+  command: restorecon -irv {{ subversion_server_dir | quote }}
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/tests.yml b/test/integration/targets/subversion/roles/subversion/tasks/tests.yml
new file mode 100644
index 0000000..b8f85d9
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/tasks/tests.yml
@@ -0,0 +1,145 @@
+# test code for the svn module
+# (c) 2014, Michael DeHaan <michael.dehaan@gmail.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# checks out every branch so using a small repo
+
+- name: initial checkout
+  subversion:
+    repo: '{{ subversion_repo_url }}'
+    dest: '{{ subversion_test_dir }}/svn'
+  register: subverted
+
+- name: check if dir was checked out
+  stat:
+    path: '{{ subversion_test_dir }}/svn'
+  register: subverted_result
+
+# FIXME: the before/after logic here should be fixed to make them hashes, see GitHub 6078
+# looks like this: {
+#        "after": [
+#            "Revision: 9",
+#            "URL: https://github.com/jimi-c/test_role"
+#        ],
+#        "before": null,
+#        "changed": true,
+#        "item": ""
+# }
+- name: verify information about the initial clone
+  assert:
+    that:
+      - "'after' in subverted"
+      - "subverted.after.1 == 'URL: ' ~ subversion_repo_url"
+      - "not subverted.before"
+      - "subverted.changed"
+      - subverted_result.stat.exists
+
+- name: repeated checkout
+  subversion:
+    repo: '{{ subversion_repo_url }}'
+    dest: '{{ subversion_test_dir }}/svn'
+  register: subverted2
+
+- name: verify on a reclone things are marked unchanged
+  assert:
+    that:
+      - "not subverted2.changed"
+
+- name: check for tags
+  stat: path={{ subversion_test_dir }}/svn/tags
+  register: tags
+
+- name: check for trunk
+  stat: path={{ subversion_test_dir }}/svn/trunk
+  register: trunk
+
+- name: check for branches
+  stat: path={{ subversion_test_dir }}/svn/branches
+  register: branches
+
+- name: assert presence of tags/trunk/branches
+  assert:
+    that:
+      - "tags.stat.isdir"
+      - "trunk.stat.isdir"
+      - "branches.stat.isdir"
+
+- name: remove checked out repo
+  file:
+    path: '{{ subversion_test_dir }}/svn'
+    state: absent
+
+- name: checkout with quotes in username
+  subversion:
+    repo: '{{ subversion_repo_auth_url }}'
+    dest: '{{ subversion_test_dir }}/svn'
+    username: '{{ subversion_username }}'
+    password: '{{ subversion_password }}'
+  register: subverted3
+
+- name: get result of checkout with quotes in username
+  stat:
+    path: '{{ subversion_test_dir }}/svn'
+  register: subverted3_result
+
+- name: assert checkout with quotes in username
+  assert:
+    that:
+    - subverted3 is changed
+    - subverted3_result.stat.exists
+    - subverted3_result.stat.isdir
+
+- name: checkout with export
+  subversion:
+    repo: '{{ subversion_repo_url }}'
+    dest: '{{ subversion_test_dir }}/svn-export'
+    export: True
+  register: subverted4
+
+- name: check for tags
+  stat: path={{ subversion_test_dir }}/svn-export/tags
+  register: export_tags
+
+- name: check for trunk
+  stat: path={{ subversion_test_dir }}/svn-export/trunk
+  register: export_trunk
+
+- name: check for branches
+  stat: path={{ subversion_test_dir }}/svn-export/branches
+  register: export_branches
+
+- name: assert presence of tags/trunk/branches in export
+  assert:
+    that:
+      - "export_tags.stat.isdir"
+      - "export_trunk.stat.isdir"
+      - "export_branches.stat.isdir"
+      - "subverted4.changed"
+
+- name: clone a small external repo with validate_certs=true
+  subversion:
+    repo: "{{ subversion_external_repo_url }}"
+    dest: "{{ subversion_test_dir }}/svn-external1"
+    validate_certs: yes
+
+- name: clone a small external repo with validate_certs=false
+  subversion:
+    repo: "{{ subversion_external_repo_url }}"
+    dest: "{{ subversion_test_dir }}/svn-external2"
+    validate_certs: no
+
+# TBA: test for additional options or URL variants welcome
diff --git a/test/integration/targets/subversion/roles/subversion/tasks/warnings.yml b/test/integration/targets/subversion/roles/subversion/tasks/warnings.yml
new file mode 100644
index 0000000..50ebd44
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/tasks/warnings.yml
@@ -0,0 +1,7 @@
+---
+- name: checkout using a password to test for a warning when using svn lt 1.10.0
+  subversion:
+    repo: '{{ subversion_repo_auth_url }}'
+    dest: '{{ subversion_test_dir }}/svn'
+    username: '{{ subversion_username }}'
+    password: '{{ subversion_password }}'
diff --git a/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2
new file mode 100644
index 0000000..86f4070
--- /dev/null
+++ b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2
@@ -0,0 +1,71 @@
+{% if ansible_os_family == "Debian" %}
+
+{# On Ubuntu 16.04 we can include the default config, other versions require explicit config #}
+{% if ansible_distribution_version == "16.04" %}
+Include /etc/apache2/apache2.conf
+
+{% else %}
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+HostnameLookups Off
+LogLevel warn
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+IncludeOptional conf-enabled/*.conf
+IncludeOptional sites-enabled/*conf
+
+<FilesMatch "^\.ht">
+    Require all denied
+</FilesMatch>
+
+{% endif %}
+
+{% elif ansible_os_family == "FreeBSD" %}
+Include /usr/local/etc/apache24/httpd.conf
+LoadModule dav_module        libexec/apache24/mod_dav.so
+LoadModule dav_svn_module    libexec/apache24/mod_dav_svn.so
+LoadModule authz_svn_module  libexec/apache24/mod_authz_svn.so
+{% elif ansible_os_family == "Suse" %}
+Include /etc/apache2/httpd.conf
+LoadModule dav_module       /usr/lib64/apache2/mod_dav.so
+LoadModule dav_svn_module   /usr/lib64/apache2/mod_dav_svn.so
+{% elif ansible_os_family == "Alpine" %}
+Include /etc/apache2/httpd.conf
+LoadModule dav_module       /usr/lib/apache2/mod_dav.so
+LoadModule dav_svn_module   /usr/lib/apache2/mod_dav_svn.so
+{% elif ansible_os_family == "RedHat" %}
+Include /etc/httpd/conf/httpd.conf
+{% endif %}
+
+PidFile {{ subversion_server_dir }}/apache.pid
+Listen 127.0.0.1:{{ apache_port }}
+ErrorLog {{ subversion_server_dir }}/apache2-error.log
+
+<Location /svn>
+   DAV svn
+   SVNParentPath {{ subversion_server_dir }}
+{% if ansible_distribution == "CentOS" and ansible_distribution_version.startswith("6") %}
+   Allow from all
+{% else %}
+   Require all granted
+{% endif %}
+</Location>
+
+<Location /svnauth>
+    DAV svn
+    SVNParentPath {{ subversion_server_dir }}
+    AuthType Basic
+    AuthName "Subversion repositories"
+    AuthUserFile {{ subversion_server_dir }}/svn-auth-users
+    Require valid-user
+</Location>
-- 
cgit v1.2.3