# infrastructure-svnauthz **Repository Path**: mirrors_apache/infrastructure-svnauthz ## Basic Information - **Project Name**: infrastructure-svnauthz - **Description**: Daemon for maintaining svn authz files - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2021-03-13 - **Last Updated**: 2026-03-21 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # Daemon to maintain authz files for Apache Subversion ## About the SVNAuthz Service This daemon uses pubsub to watch for both: * template/definition changes for authz files * LDAP group changes to fill into the template(s). If either is detected, an updated asf-authorization and pit-authorization file will be generated in the directory specified as `output_dir` in the svnauthz.yaml.erb template found in the subversion_server module. ## SVNAuthz Service configuration This service uses the ASF's `pipservice` Puppet class to operate and configure the daemon, and is deployed using the custom `subversion_server::svnauthz` class. Encrypted vars used to generate svnauthz.yaml from template are handled by and scoped for the `subversion_server::svnauthz` class. These values are defined in the encrypted nodefile for the host running the service. This service runs as `www-data`. The installation directory: `/opt/svnauthz` and its contents are owned by `www-data:www-data` This service is deployed and runs as a systemd service unit. ## Process control `systemctl (start|stop|status) pipservice-svnauthz.service` ## Logging `journalctl -u pipservice-svnauthz.service` ## Testing In order to test changes to template files * clone this repository to your workstation. * ensure you have all dependencies installed, per `requirements.txt` * acquire an `svnauthz.yaml` * from the production machine (easiest) * or, from [svnauthz.yaml.erb](https://github.com/apache/infrastructure-p6/blob/production/modules/subversion_server/templates/svnauthz.yaml.erb) and insert three pairs of user/pass values (for pubsub private data, for the private git repository, and for binding to LDAP) * edit the .yaml * change the `output_dir` to (say) `/tmp/authz` * NOTE: make sure the directory exists before starting the daemon (it does not auto-create it) * change the `template_url` to `/path/to/your/templates/` (this will likely be `.../modules/subversion_server/files/authorization/`; make sure the trailing slash is present and use the full path to the file, relative is not supported.) * create a subdir named `ref` to hold "reference" outputs (call it anything and place it anywhere, it's just used to hold a pristine copy of the auth files as comparision.) * in the `ref` directory, fetch the current/live set of authz files using ``` $ scp svn-master.apache.org:/x1/svn/authorization/*n . ``` * generate a new set of authz files using: ``` $ ./authz.py --test ``` (note the daemon will not start; the script will produce the authz files, then exit) * then you can check[1] whether you made breaking changes, or just your intended changes (maybe along with acceptable unintended changes): ``` $ diff /tmp/authz/asf-authorization ref/ ``` [1] The 'check' is currently just diffing the output, future may provide a syntax checker for validity.