Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm

tests/integration/test_docker_compose_templates.py

@@ -17,14 +17,16 @@ class TestDockerComposeTemplates(unittest.TestCase):
     ]
 
     BASE_INCLUDE = "{% include 'roles/docker-compose/templates/base.yml.j2' %}"
-    NET_INCLUDE = "{% include 'roles/docker-compose/templates/networks.yml.j2' %}"
+    NET_INCLUDE  = "{% include 'roles/docker-compose/templates/networks.yml.j2' %}"
+    HOST_MODE    = 'network_mode: "host"'
 
     def test_docker_compose_includes(self):
         """
         Verifies for each found docker-compose.yml.j2:
-        1. BASE_INCLUDE and NET_INCLUDE are present exactly once
-        2. BASE_INCLUDE appears before NET_INCLUDE
-        3. Only allowed lines appear before BASE_INCLUDE (invalid lines issue warnings)
+        1. BASE_INCLUDE is present exactly once
+        2. If no host‑mode is set, NET_INCLUDE must appear exactly once
+        3. BASE_INCLUDE appears before NET_INCLUDE when both are required
+        4. Only allowed lines appear before BASE_INCLUDE (invalid lines issue warnings)
         """
         template_paths = sorted(
             self.PROJECT_ROOT.glob(self.TEMPLATE_PATTERN)
@@ -36,33 +38,42 @@ class TestDockerComposeTemplates(unittest.TestCase):
                 content = template_path.read_text(encoding='utf-8')
                 lines = content.splitlines()
 
-                # Check each include occurs exactly once
+                # BASE_INCLUDE must always occur exactly once
                 count_base = lines.count(self.BASE_INCLUDE)
                 self.assertEqual(
-                    count_base,
-                    1,
+                    count_base, 1,
                     f"{template_path}: '{self.BASE_INCLUDE}' occurs {count_base} times, expected once"
                 )
+
+                # Determine if host‑mode is in use
+                host_mode = self.HOST_MODE in content
+
+                # If not host‑mode, NET_INCLUDE must occur exactly once
                 count_net = lines.count(self.NET_INCLUDE)
-                self.assertEqual(
-                    count_net,
-                    1,
-                    f"{template_path}: '{self.NET_INCLUDE}' occurs {count_net} times, expected once"
-                )
+                if host_mode:
+                    # No network include needed for host mode
+                    self.assertEqual(
+                        count_net, 0,
+                        f"{template_path}: '{self.NET_INCLUDE}' should be omitted when using host networking"
+                    )
+                else:
+                    # Must include networks.yml exactly once
+                    self.assertEqual(
+                        count_net, 1,
+                        f"{template_path}: '{self.NET_INCLUDE}' occurs {count_net} times, expected once"
+                    )
 
-                # Find BASE_INCLUDE index
-                idx_base = lines.index(self.BASE_INCLUDE)
-                # Find NET_INCLUDE index
-                idx_net = lines.index(self.NET_INCLUDE)
-
-                # Check order
-                self.assertLess(
-                    idx_base,
-                    idx_net,
-                    f"{template_path}: '{self.BASE_INCLUDE}' must come before '{self.NET_INCLUDE}'"
-                )
+                # If both includes are present, check order
+                if count_base and count_net:
+                    idx_base = lines.index(self.BASE_INCLUDE)
+                    idx_net  = lines.index(self.NET_INCLUDE)
+                    self.assertLess(
+                        idx_base, idx_net,
+                        f"{template_path}: '{self.BASE_INCLUDE}' must come before '{self.NET_INCLUDE}'"
+                    )
 
                 # Warn on invalid lines before BASE_INCLUDE
+                idx_base = lines.index(self.BASE_INCLUDE)
                 for i, line in enumerate(lines[:idx_base]):
                     if not any(pat.match(line) for pat in self.ALLOWED_BEFORE_BASE):
                         warnings.warn(

tests/integration/test_universal_logout.py

@@ -5,7 +5,7 @@ import yaml
 class TestUniversalLogoutSetting(unittest.TestCase):
     ROLES_PATH = "roles/web-app-*/config/main.yml"
 
-    def test_universal_logout_defined(self):
+    def test_logout_defined(self):
         files = glob.glob(self.ROLES_PATH)
         self.assertGreater(len(files), 0, f"No role config files found under {self.ROLES_PATH}")
 
@@ -23,16 +23,16 @@ class TestUniversalLogoutSetting(unittest.TestCase):
             if data is not None:
                 features = data.get("features", {})
 
-            if "universal_logout" not in features:
+            if "logout" not in features:
                 errors.append(
-                    f"Missing 'universal_logout' setting in features of '{file_path}'. "
-                    "You must explicitly set 'universal_logout' to true or false for this app."
+                    f"Missing 'logout' setting in features of '{file_path}'. "
+                    "You must explicitly set 'logout' to true or false for this app."
                 )
             else:
-                val = features["universal_logout"]
+                val = features["logout"]
                 if not isinstance(val, bool):
                     errors.append(
-                        f"The 'universal_logout' setting in '{file_path}' must be boolean true or false, "
+                        f"The 'logout' setting in '{file_path}' must be boolean true or false, "
                         f"but found: {val} (type {type(val).__name__})"
                     )