commit | 6dd3aedb00ea42592b4f3bb43bc48187c6cf8107 | |
---|---|---|
author | Greg Stein <gstein@gmail.com> | Mon Apr 24 00:22:25 2023 -0500 |
committer | Greg Stein <gstein@gmail.com> | Mon Apr 24 00:22:25 2023 -0500 |
tree | de5f09ce5a6004dd0fb65ffb6d5f0079fa4f8ebf | |
parent | ad0de5a3e1b6e4ae47faa8c6b4f382d8bf855dbc | |

Add a new form for specifying groups.

* Clarifies these come from LDAP, rather than the obsolete auth.conf
* Adds one or two lines, based on +PMC
* Continues "keep old ordering/format" for the output files.

This daemon uses pubsub to watch for both:
If either is detected, an updated asf-authorization and pit-authorization file will be generated in the directory specified as output_dir in the svnauthz.yaml.erb template found in the subversion_server module.

This service uses the ASF's pipservice Puppet class to operate and configure the daemon, and is deployed using the custom subversion_server::svnauthz class.

Encrypted vars used to generate svnauthz.yaml from template are handled by and scoped for the subversion_server::svnauthz class. These values are defined in the encrypted nodefile for the host running the service.

This service runs as www-data. The installation directory: /opt/svnauthz and its contents are owned by www-data:www-data.

This service is deployed and runs as a systemd service unit.
systemctl (start|stop|status) pipservice-svnauthz.service
journalctl -u pipservice-svnauthz.service

In order to test changes to template files
requirements.txt
svnauthz.yaml
output_dir to (say) /tmp/authz
template_url to /path/to/your/templates/ (this will likely be .../modules/subversion_server/files/authorization/; make sure the trailing slash is present and use the full path to the file, relative is not supported.)
ref to hold "reference" outputs (call it anything and place it anywhere, it's just used to hold a pristine copy of the auth files as comparison.)
ref directory, fetch the current/live set of authz files using
$ scp svn-master.apache.org:/x1/svn/authorization/*n .
$ ./authz.py --test
(note the daemon will not start; the script will produce the authz files, then exit)
$ diff /tmp/authz/asf-authorization ref/

[1] The 'check' is currently just diffing the output; a future version may provide a syntax checker for validity.
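
As an added example (not part of the svnauthz code in this repository), one form the syntax check mentioned in [1] could take: a pass over a generated authz file that flags access values other than r, rw or empty, and @group references that have no definition in [groups]. It assumes standard Subversion authz syntax; check_authz, group_refs and the sample text are hypothetical names and constructed data.

```python
import re

VALID_ACCESS = {"", "r", "rw"}   # access values documented for Subversion authz
SECTION = re.compile(r"^\[(.+)\]$")

# Constructed sample, not taken from any real authorization file.
SAMPLE = """\
[groups]
committers = alice, bob
example-pmc = alice,
  @committers
stale = @retired

[/example]
@example-pmc = rw
@exmaple = rw
carol = write
"""

def group_refs(n, value):
    """(line, group) for each @group named in a comma-separated list."""
    return [(n, g.strip()[1:]) for g in value.split(",") if g.strip().startswith("@")]

def check_authz(text):
    """Return sorted (line_number, problem) pairs for an authz file's text."""
    problems, groups, refs, section = [], set(), [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0].isspace() and section == "groups":   # continued member list
            refs += group_refs(n, line)
        elif SECTION.match(line):
            section = SECTION.match(line).group(1)
        elif section is None or "=" not in line:
            problems.append((n, "not a 'name = value' entry inside a section"))
        else:
            name, value = (part.strip() for part in line.split("=", 1))
            if section == "groups":
                groups.add(name)
                refs += group_refs(n, value)
            elif section != "aliases":   # path section: principal = access
                if value not in VALID_ACCESS:
                    problems.append((n, f"invalid access {value!r}"))
                refs += group_refs(n, name.lstrip("~"))
    # Resolve references after the full pass, so definition order is irrelevant here.
    problems += [(n, f"undefined group @{g}") for n, g in refs if g not in groups]
    return sorted(problems)
```

Run over the text of /tmp/authz/asf-authorization after the --test step, an empty result means only that the file is structurally consistent; the diff against ref/ is still what shows which rules changed.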