feat(jans-linux-setup): activate proxy_http2 for jans-lock

[devrimyatar]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #13128

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #13168,

Summary by CodeRabbit

• Refactor
  • Centralized Apache module management into a single, reusable flow with explicit logging of which modules will be enabled.
  • Conditional inclusion of HTTP/2-related modules when a deployment lock is active.
  • Moved certificate handling and service enable/start into the consolidated initialization path.
  • Safer handling of module lists to avoid unintended side effects and reduced duplicated module logic across platforms.

[coderabbitai]

📝 Walkthrough

Walkthrough

Refactors Apache module management in HttpdInstaller: adds an enabled_modules attribute and a new enable_modules() method that computes and logs modules to enable (including http2/proxy_http2 when Config.install_jans_lock), centralizing previous inline enablement, certificate handling, and service startup logic.

Changes

Cohort / File(s)	Summary
Apache module & httpd flow jans-linux-setup/jans_setup/setup_app/installers/httpd.py	Adds enabled_modules attribute and enable_modules() method; moves inline module enable/disable, certificate handling (httpdKeyPass / MTLS / self-signed generation), and service enable/start into the centralized flow; appends http2 and proxy_http2 when Config.install_jans_lock is set; uses copied module lists to avoid side effects and adjusts variable names and logging.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• feat(jans-setup): setup should activate proxy_http2 for jans-lock #13128: Implements enabling http2/proxy_http2 when Config.install_jans_lock is set via the new enabled_modules and enable_modules() logic.

Suggested reviewers

• iromli
• yuriyzz
• yurem

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (1 warning, 2 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Linked Issues check	❓ Inconclusive	The linked issue #13168 is an auto-created placeholder with no meaningful objectives or requirements; insufficient information to validate compliance.	Reference a specific original issue with actual requirements, or update the auto-created issue with detailed objectives and scope before proceeding.
Description check	❓ Inconclusive	The PR description lacks implementation details and references an auto-created issue placeholder instead of clearly explaining the feature being added.	Fill in the Implementation Details section with a high-level explanation of how proxy_http2 is being activated for jans-lock, and clarify the target issue reference to avoid confusion with auto-generated placeholders.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(jans-linux-setup): activate proxy_http2 for jans-lock' is specific and directly related to the main change of adding proxy_http2 activation for jans-lock.
Out of Scope Changes check	✅ Passed	Changes refactor module management logic and add proxy_http2 support, which aligns with the stated feature; no out-of-scope changes detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jans-linux-setup-apache-proxy_http2-13128

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mo-auto]

Error: Hi @devrimyatar, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issues' title and body and make sure I correctly referenced it in the above PRs body.

[mo-auto]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@jans-linux-setup/jans_setup/setup_app/installers/httpd.py`:
- Line 154: Replace the non-idiomatic membership test "if not module in
mods_enabled:" with the PEP8-preferred form "if module not in mods_enabled:" in
the httpd installer code where the variables module and mods_enabled are used
(search for the membership check in jans_setup/setup_app/installers/httpd.py to
locate the conditional).
- Line 39: The enabled_modules list uses the wrong module name "mod_dir"; update
the entry in self.enabled_modules to "dir" so it matches Apache's module naming
(and the httpd_2.4.conf LoadModule dir_module pattern) and so the Debian check
for /etc/apache2/mods-available/{amod}.load will find the correct file; locate
the list assigned to self.enabled_modules in the httpd installer (the list
containing 'env', 'log_config', ..., 'rewrite', 'mod_dir', 'auth_openidc') and
replace 'mod_dir' with 'dir'.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@jans-linux-setup/jans_setup/setup_app/installers/httpd.py`:
- Around line 103-110: The enable_modules method uses copy.deepcopy on
self.enabled_modules unnecessarily; replace copy.deepcopy(self.enabled_modules)
with a shallow copy (e.g., list(self.enabled_modules) or
self.enabled_modules.copy()) to avoid overhead, keep the rest of the logic that
appends 'http2' and 'proxy_http2' when Config.install_jans_lock is true, and
remove the import copy if it is no longer referenced elsewhere.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Use shallow copy instead of deepcopy for a flat list of strings.

copy.deepcopy() is unnecessary overhead here since self.enabled_modules is a flat list of immutable strings. A shallow copy is sufficient and more idiomatic.

♻️ Proposed fix

     def enable_modules(self):

-        mods_enabled = copy.deepcopy(self.enabled_modules)
+        mods_enabled = self.enabled_modules.copy()
         if Config.install_jans_lock:
             mods_enabled.append('http2')
             mods_enabled.append('proxy_http2')

With this change, the import copy at line 2 can also be removed if not used elsewhere.

🤖 Prompt for AI Agents

In `@jans-linux-setup/jans_setup/setup_app/installers/httpd.py` around lines 103 -
110, The enable_modules method uses copy.deepcopy on self.enabled_modules
unnecessarily; replace copy.deepcopy(self.enabled_modules) with a shallow copy
(e.g., list(self.enabled_modules) or self.enabled_modules.copy()) to avoid
overhead, keep the rest of the logic that appends 'http2' and 'proxy_http2' when
Config.install_jans_lock is true, and remove the import copy if it is no longer
referenced elsewhere.

[sonarqubecloud]

Quality Gate failed for 'jans-linux-setup'

Failed conditions
B Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE