Solved missing logout injection bug and refactored srv-web-7-7-inj-compose

roles/srv-web-7-7-inj-compose/filter_plugins/inj_enabled.py

@@ -0,0 +1,35 @@
+# roles/srv-web-7-7-inj-compose/filter_plugins/inj_enabled.py
+#
+# Usage in tasks:
+#   - set_fact:
+#       inj_enabled: "{{ applications | inj_enabled(application_id, ['javascript','logout','css','matomo','desktop']) }}"
+
+import sys
+import os
+
+# allow imports from module_utils (same trick as your get_app_conf filter)
+base = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..', '..'))
+mu = os.path.join(base, 'module_utils')
+for p in (base, mu):
+    if p not in sys.path:
+        sys.path.insert(0, p)
+
+from module_utils.config_utils import get_app_conf
+
+def inj_enabled_filter(applications, application_id, features, prefix="features", default=False):
+    """
+    Build a dict {feature: value} by reading the feature flags under the given prefix for the selected application.
+    Uses get_app_conf with strict=False so missing keys just return the default.
+    """
+    result = {}
+    for f in features:
+        path = f"{prefix}.{f}" if prefix else f
+        result[f] = get_app_conf(applications, application_id, path, strict=False, default=default)
+    return result
+
+
+class FilterModule(object):
+    def filters(self):
+        return {
+            "inj_enabled": inj_enabled_filter,
+        }

roles/srv-web-7-7-inj-compose/tasks/main.yml

@@ -1,11 +1,6 @@
-- name: Set inj_enabled dictionary
+- name: Build inj_enabled
   set_fact:
-    inj_enabled:
-      javascript: "{{ applications | get_app_conf(application_id, 'features.javascript', False) }}"
-      logout:     "{{ (applications | get_app_conf(application_id, 'features.logout', False) or domain == PRIMARY_DOMAIN) }}"
-      css:        "{{ applications | get_app_conf(application_id, 'features.css', False) }}"
-      matomo:     "{{ applications | get_app_conf(application_id, 'features.matomo', False) }}"
-      desktop:    "{{ applications | get_app_conf(application_id, 'features.desktop', False) }}"
+    inj_enabled: "{{ applications | inj_enabled(application_id, SRV_WEB_INJ_COMP_FEATURES_ALL) }}"
 
 - block:
   - name: Include dependency 'srv-web-7-4-core'
@@ -15,13 +10,13 @@
   - include_tasks: utils/run_once.yml
   when: run_once_srv_web_7_7_inj_compose is not defined
 
-- name: "Activate Portfolio iFrame notifier for {{ domain }}"
+- name: "Activate Portfolio iFrame notifier for '{{ domain }}'"
   include_role:
     name:   srv-web-7-7-inj-desktop
     public: true # Vars used in templates
   when: inj_enabled.desktop
 
-- name: "Load CDN for {{ domain }}"
+- name: "Load CDN for '{{ domain }}'"
   include_role:
     name: web-svc-cdn
     public: false
@@ -41,24 +36,28 @@
   vars:
     handler_role_name: "{{ item }}"
 
-- name: "Activate Corporate CSS for {{ domain }}"
+- name: Reinitialize 'inj_enabled' for '{{ domain }}', after modification by CDN
+  set_fact:
+    inj_enabled: "{{ applications | inj_enabled(application_id, SRV_WEB_INJ_COMP_FEATURES_ALL) }}"
+
+- name: "Activate Corporate CSS for '{{ domain }}'"
   include_role:
     name: srv-web-7-7-inj-css
   when:
   - inj_enabled.css
   - run_once_srv_web_7_7_inj_css is not defined
 
-- name: "Activate Matomo Tracking for {{ domain }}"
+- name: "Activate Matomo Tracking for '{{ domain }}'"
   include_role:
     name: srv-web-7-7-inj-matomo
   when: inj_enabled.matomo
 
-- name: "Activate Javascript for {{ domain }}"
+- name: "Activate Javascript for '{{ domain }}'"
   include_role:
     name: srv-web-7-7-inj-javascript
   when: inj_enabled.javascript
 
-- name: "Activate logout proxy for {{ domain }}"
+- name: "Activate logout proxy for '{{ domain }}'"
   include_role:
     name: srv-web-7-7-inj-logout
     public: true # Vars used in templates

roles/srv-web-7-7-inj-compose/templates/location.lua.j2

@@ -1,3 +1,17 @@
+{% macro push_snippets(list_name, features) -%}
+{% for f in features -%}
+{% if inj_enabled.get(f) -%}
+{{ list_name }}[#{{ list_name }} + 1] = [=[
+  {%- include
+     'roles/srv-web-7-7-inj-' ~ f ~
+     '/templates/' ~
+     ('head' if list_name == 'head_snippets' else 'body') ~
+     '_sub.j2'
+  -%}
+]=]
+{% endif -%}
+{% endfor -%}
+{%- endmacro %}
 
 lua_need_request_body on;
 
@@ -43,13 +57,7 @@ body_filter_by_lua_block {
     -- build a list of head-injection snippets
     local head_snippets = {}
 
-    {% for head_feature in ['css', 'matomo', 'desktop', 'javascript', 'logout' ] %}
-    {% if applications | get_app_conf(application_id, 'features.' ~ head_feature, false) %}
-    head_snippets[#head_snippets + 1] = [=[
-        {%- include "roles/srv-web-7-7-inj-" ~ head_feature ~ "/templates/head_sub.j2" -%}
-    ]=]
-    {% endif %}
-    {% endfor %}
+    {{ push_snippets('head_snippets', ['css','matomo','desktop','javascript','logout']) }}
 
     -- inject all collected snippets right before </head>
     local head_payload = table.concat(head_snippets, "\n") .. "</head>"
@@ -58,13 +66,7 @@ body_filter_by_lua_block {
     -- build a list of body-injection snippets
     local body_snippets = {}
 
-    {% for body_feature in ['matomo', 'logout', 'desktop'] %}
-    {% if applications | get_app_conf(application_id, 'features.' ~ body_feature, false) %}
-    body_snippets[#body_snippets + 1] = [=[
-        {%- include "roles/srv-web-7-7-inj-" ~ body_feature ~ "/templates/body_sub.j2" -%}
-    ]=]
-    {% endif %}
-    {% endfor %}
+    {{ push_snippets('body_snippets', ['matomo','logout','desktop']) }}
 
     -- inject all collected snippets right before </body>
     local body_payload = table.concat(body_snippets, "\n") .. "</body>"

roles/srv-web-7-7-inj-compose/vars/main.yml

@@ -1,2 +1,9 @@
 # Docker
-docker_pull_git_repository: false # Deactivated here to don't inhire this
+docker_pull_git_repository: false # Deactivated here to don't inhire this
+
+SRV_WEB_INJ_COMP_FEATURES_ALL:
+  - 'javascript'
+  - 'logout'
+  - 'css'
+  - 'matomo'
+  - 'desktop'