summaryrefslogtreecommitdiffstats
path: root/lib/ansible/modules/subversion.py
blob: ac2a17e599acdae802acf98f67a3d05096d2cf53 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
# -*- coding: utf-8 -*-

# Copyright: (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import annotations


DOCUMENTATION = '''
---
module: subversion
short_description: Deploys a subversion repository
description:
   - Deploy given repository URL / revision to dest. If dest exists, update to the specified revision, otherwise perform a checkout.
version_added: "0.7"
author:
- Dane Summers (@dsummersl) <njharman@gmail.com>
options:
  repo:
    description:
      - The subversion URL to the repository.
    type: str
    required: true
    aliases: [ name, repository ]
  dest:
    description:
      - Absolute path where the repository should be deployed.
      - The destination directory must be specified unless O(checkout=no), O(update=no), and O(export=no).
    type: path
  revision:
    description:
      - Specific revision to checkout.
    type: str
    default: HEAD
    aliases: [ rev, version ]
  force:
    description:
      - If V(true), modified files will be discarded. If V(false), module will fail if it encounters modified files.
        Prior to 1.9 the default was V(true).
    type: bool
    default: "no"
  in_place:
    description:
      - If the directory exists, then the working copy will be checked-out over-the-top using
        svn checkout --force; if force is specified then existing files with different content are reverted.
    type: bool
    default: "no"
    version_added: "2.6"
  username:
    description:
      - C(--username) parameter passed to svn.
    type: str
  password:
    description:
      - C(--password) parameter passed to svn when svn is less than version 1.10.0. This is not secure and
        the password will be leaked to argv.
      - C(--password-from-stdin) parameter when svn is greater or equal to version 1.10.0.
    type: str
  executable:
    description:
      - Path to svn executable to use. If not supplied,
        the normal mechanism for resolving binary paths will be used.
    type: path
    version_added: "1.4"
  checkout:
    description:
     - If V(false), do not check out the repository if it does not exist locally.
    type: bool
    default: "yes"
    version_added: "2.3"
  update:
    description:
     - If V(false), do not retrieve new revisions from the origin repository.
    type: bool
    default: "yes"
    version_added: "2.3"
  export:
    description:
      - If V(true), do export instead of checkout/update.
    type: bool
    default: "no"
    version_added: "1.6"
  switch:
    description:
      - If V(false), do not call svn switch before update.
    default: "yes"
    version_added: "2.0"
    type: bool
  validate_certs:
    description:
      - If V(false), passes the C(--trust-server-cert) flag to svn.
      - If V(true), does not pass the flag.
    default: "no"
    version_added: "2.11"
    type: bool
extends_documentation_fragment: action_common_attributes
attributes:
    check_mode:
        support: full
    diff_mode:
        support: none
    platform:
        platforms: posix
notes:
   - This module does not handle externals.

requirements:
    - subversion (the command line tool with C(svn) entrypoint)
'''

EXAMPLES = '''
- name: Checkout subversion repository to specified folder
  ansible.builtin.subversion:
    repo: svn+ssh://an.example.org/path/to/repo
    dest: /src/checkout

- name: Export subversion directory to folder
  ansible.builtin.subversion:
    repo: svn+ssh://an.example.org/path/to/repo
    dest: /src/export
    export: yes

- name: Get information about the repository whether or not it has already been cloned locally
  ansible.builtin.subversion:
    repo: svn+ssh://an.example.org/path/to/repo
    dest: /src/checkout
    checkout: no
    update: no
'''

RETURN = r'''#'''

import os
import re

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.common.locale import get_best_parsable_locale
from ansible.module_utils.compat.version import LooseVersion


class Subversion(object):

    # Example text matched by the regexp:
    #  Révision : 1889134
    #  版本: 1889134
    #  Revision: 1889134
    REVISION_RE = r'^\w+\s?:\s+\d+$'

    def __init__(self, module, dest, repo, revision, username, password, svn_path, validate_certs):
        self.module = module
        self.dest = dest
        self.repo = repo
        self.revision = revision
        self.username = username
        self.password = password
        self.svn_path = svn_path
        self.validate_certs = validate_certs

    def has_option_password_from_stdin(self):
        rc, version, err = self.module.run_command([self.svn_path, '--version', '--quiet'], check_rc=True)
        return LooseVersion(version) >= LooseVersion('1.10.0')

    def _exec(self, args, check_rc=True):
        '''Execute a subversion command, and return output. If check_rc is False, returns the return code instead of the output.'''
        bits = [
            self.svn_path,
            '--non-interactive',
            '--no-auth-cache',
        ]
        if not self.validate_certs:
            bits.append('--trust-server-cert')
        stdin_data = None
        if self.username:
            bits.extend(["--username", self.username])
        if self.password:
            if self.has_option_password_from_stdin():
                bits.append("--password-from-stdin")
                stdin_data = self.password
            else:
                self.module.warn("The authentication provided will be used on the svn command line and is not secure. "
                                 "To securely pass credentials, upgrade svn to version 1.10.0 or greater.")
                bits.extend(["--password", self.password])
        bits.extend(args)
        rc, out, err = self.module.run_command(bits, check_rc, data=stdin_data)

        if check_rc:
            return out.splitlines()
        else:
            return rc

    def is_svn_repo(self):
        '''Checks if path is a SVN Repo.'''
        rc = self._exec(["info", self.dest], check_rc=False)
        return rc == 0

    def checkout(self, force=False):
        '''Creates new svn working directory if it does not already exist.'''
        cmd = ["checkout"]
        if force:
            cmd.append("--force")
        cmd.extend(["-r", self.revision, self.repo, self.dest])
        self._exec(cmd)

    def export(self, force=False):
        '''Export svn repo to directory'''
        cmd = ["export"]
        if force:
            cmd.append("--force")
        cmd.extend(["-r", self.revision, self.repo, self.dest])

        self._exec(cmd)

    def switch(self):
        '''Change working directory's repo.'''
        # switch to ensure we are pointing at correct repo.
        # it also updates!
        output = self._exec(["switch", "--revision", self.revision, self.repo, self.dest])
        for line in output:
            if re.search(r'^[ABDUCGE]\s', line):
                return True
        return False

    def update(self):
        '''Update existing svn working directory.'''
        output = self._exec(["update", "-r", self.revision, self.dest])

        for line in output:
            if re.search(r'^[ABDUCGE]\s', line):
                return True
        return False

    def revert(self):
        '''Revert svn working directory.'''
        output = self._exec(["revert", "-R", self.dest])
        for line in output:
            if re.search(r'^Reverted ', line) is None:
                return True
        return False

    def get_revision(self):
        '''Revision and URL of subversion working directory.'''
        text = '\n'.join(self._exec(["info", self.dest]))
        rev = re.search(self.REVISION_RE, text, re.MULTILINE)
        if rev:
            rev = rev.group(0)
        else:
            rev = 'Unable to get revision'

        url = re.search(r'^URL\s?:.*$', text, re.MULTILINE)
        if url:
            url = url.group(0)
        else:
            url = 'Unable to get URL'

        return rev, url

    def get_remote_revision(self):
        '''Revision and URL of subversion working directory.'''
        text = '\n'.join(self._exec(["info", self.repo]))
        rev = re.search(self.REVISION_RE, text, re.MULTILINE)
        if rev:
            rev = rev.group(0)
        else:
            rev = 'Unable to get remote revision'
        return rev

    def has_local_mods(self):
        '''True if revisioned files have been added or modified. Unrevisioned files are ignored.'''
        lines = self._exec(["status", "--quiet", "--ignore-externals", self.dest])
        # The --quiet option will return only modified files.
        # Match only revisioned files, i.e. ignore status '?'.
        regex = re.compile(r'^[^?X]')
        # Has local mods if more than 0 modified revisioned files.
        return len(list(filter(regex.match, lines))) > 0

    def needs_update(self):
        curr, url = self.get_revision()
        out2 = '\n'.join(self._exec(["info", "-r", self.revision, self.dest]))
        head = re.search(self.REVISION_RE, out2, re.MULTILINE)
        if head:
            head = head.group(0)
        else:
            head = 'Unable to get revision'
        rev1 = int(curr.split(':')[1].strip())
        rev2 = int(head.split(':')[1].strip())
        change = False
        if rev1 < rev2:
            change = True
        return change, curr, head


def main():
    module = AnsibleModule(
        argument_spec=dict(
            dest=dict(type='path'),
            repo=dict(type='str', required=True, aliases=['name', 'repository']),
            revision=dict(type='str', default='HEAD', aliases=['rev', 'version']),
            force=dict(type='bool', default=False),
            username=dict(type='str'),
            password=dict(type='str', no_log=True),
            executable=dict(type='path'),
            export=dict(type='bool', default=False),
            checkout=dict(type='bool', default=True),
            update=dict(type='bool', default=True),
            switch=dict(type='bool', default=True),
            in_place=dict(type='bool', default=False),
            validate_certs=dict(type='bool', default=False),
        ),
        supports_check_mode=True,
    )

    dest = module.params['dest']
    repo = module.params['repo']
    revision = module.params['revision']
    force = module.params['force']
    username = module.params['username']
    password = module.params['password']
    svn_path = module.params['executable'] or module.get_bin_path('svn', True)
    export = module.params['export']
    switch = module.params['switch']
    checkout = module.params['checkout']
    update = module.params['update']
    in_place = module.params['in_place']
    validate_certs = module.params['validate_certs']

    # We screenscrape a huge amount of svn commands so use C locale anytime we
    # call run_command()
    locale = get_best_parsable_locale(module)
    module.run_command_environ_update = dict(LANG=locale, LC_MESSAGES=locale)

    if not dest and (checkout or update or export):
        module.fail_json(msg="the destination directory must be specified unless checkout=no, update=no, and export=no")

    svn = Subversion(module, dest, repo, revision, username, password, svn_path, validate_certs)

    if not export and not update and not checkout:
        module.exit_json(changed=False, after=svn.get_remote_revision())
    if export or not os.path.exists(dest):
        before = None
        local_mods = False
        if module.check_mode:
            module.exit_json(changed=True)
        elif not export and not checkout:
            module.exit_json(changed=False)
        if not export and checkout:
            svn.checkout()
            files_changed = True
        else:
            svn.export(force=force)
            files_changed = True
    elif svn.is_svn_repo():
        # Order matters. Need to get local mods before switch to avoid false
        # positives. Need to switch before revert to ensure we are reverting to
        # correct repo.
        if not update:
            module.exit_json(changed=False)
        if module.check_mode:
            if svn.has_local_mods() and not force:
                module.fail_json(msg="ERROR: modified files exist in the repository.")
            check, before, after = svn.needs_update()
            module.exit_json(changed=check, before=before, after=after)
        files_changed = False
        before = svn.get_revision()
        local_mods = svn.has_local_mods()
        if switch:
            files_changed = svn.switch() or files_changed
        if local_mods:
            if force:
                files_changed = svn.revert() or files_changed
            else:
                module.fail_json(msg="ERROR: modified files exist in the repository.")
        files_changed = svn.update() or files_changed
    elif in_place:
        before = None
        svn.checkout(force=True)
        files_changed = True
        local_mods = svn.has_local_mods()
        if local_mods and force:
            svn.revert()
    else:
        module.fail_json(msg="ERROR: %s folder already exists, but its not a subversion repository." % (dest,))

    if export:
        module.exit_json(changed=True)
    else:
        after = svn.get_revision()
        changed = files_changed or local_mods
        module.exit_json(changed=changed, before=before, after=after)


if __name__ == '__main__':
    main()