)]}'
{"octavia/amphorae/backends/agent/api_server/haproxy_compatibility.py":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"b91b5497b2a21e079e08d595526126c51df2f7ae","unresolved":false,"context_lines":[{"line_number":57,"context_line":"                    {\u0027major\u0027: major, \u0027minor\u0027: minor})"},{"line_number":58,"context_line":"        haproxy_cfg \u003d re.sub(r\" * ?.*external-check ?.*\\s\", \"\", haproxy_cfg)"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    # Versions less than 1.8.20 do not have ciphersuites options,"},{"line_number":61,"context_line":"    # remove those settings"},{"line_number":62,"context_line":"    if major \u003c 2 and minor \u003c 9 and subversion \u003c 20:"},{"line_number":63,"context_line":"        LOG.info(\"Versions less than 1.8.20 do not have ciphersuites options\")"}],"source_content_type":"text/x-python","patch_set":27,"id":"ff570b3c_1a171da6","line":60,"updated":"2020-05-21 20:25:09.000000000","message":"This should move to the controller side in the amphora rest API driver. The rest driver queries the HAProxy version here: https://github.com/openstack/octavia/blob/master/octavia/amphorae/drivers/haproxy/rest_api_driver.py#L138\nWhich can be used in the jinja rendering to remove unsupported features in the haproxy config that is then pushed to the amphora.\nExample here: https://github.com/openstack/octavia/blob/master/octavia/common/jinja/haproxy/combined_listeners/jinja_cfg.py#L99","commit_id":"5a0d37934073222b1757bd5c185af28905f4aa49"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"14fa98543edbb522a9a137b3098f8e439fe82290","unresolved":false,"context_lines":[{"line_number":57,"context_line":"                    {\u0027major\u0027: major, \u0027minor\u0027: minor})"},{"line_number":58,"context_line":"        haproxy_cfg \u003d re.sub(r\" * ?.*external-check ?.*\\s\", \"\", haproxy_cfg)"},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"    # Versions less than 1.8.20 do not have ciphersuites options,"},{"line_number":61,"context_line":"    # remove those settings"},{"line_number":62,"context_line":"    if major \u003c 2 and minor \u003c 9 and subversion \u003c 20:"},{"line_number":63,"context_line":"        LOG.info(\"Versions less than 1.8.20 do not have ciphersuites options\")"}],"source_content_type":"text/x-python","patch_set":27,"id":"ff570b3c_74a2a84d","line":60,"in_reply_to":"ff570b3c_1a171da6","updated":"2020-05-22 07:36:06.000000000","message":"Thank you! Will update change with new approach.","commit_id":"5a0d37934073222b1757bd5c185af28905f4aa49"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"f4d7298871beb3cb6c38ca28c536638398909c0f","unresolved":false,"context_lines":[{"line_number":32,"context_line":"    version \u003d subprocess.check_output(cmd.split(), stderr\u003dsubprocess.STDOUT)"},{"line_number":33,"context_line":"    LOG.info(\"Version %s\", version.decode(\u0027utf-8\u0027))"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    version_re \u003d re.search(r\u0027.*version (.+?)\\.(.+?)\\.?(.+?|-dev).*\u0027,"},{"line_number":36,"context_line":"                           version.decode(\u0027utf-8\u0027))"},{"line_number":37,"context_line":"    major_version \u003d int(version_re.group(1))"},{"line_number":38,"context_line":"    minor_version \u003d int(version_re.group(2))"}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_bf5e4d10","line":35,"range":{"start_line":35,"start_character":29,"end_line":35,"end_character":66},"updated":"2020-09-22 11:43:24.000000000","message":"It would return (\u00272\u0027, \u00273\u0027, \u0027-\u0027) for development versions (i.e \"2.3-dev0\"),\n\nI\u0027d propose something like\nr\u0027.*version (.+?)\\.(.+?)[.-](.+?)\\s.*\u0027\nit grabs anything between \u0027-\u0027 or \u0027.\u0027 and a whitespace","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"031e489103568fd978dfc4d2def77d4d3add46b2","unresolved":false,"context_lines":[{"line_number":32,"context_line":"    version \u003d subprocess.check_output(cmd.split(), stderr\u003dsubprocess.STDOUT)"},{"line_number":33,"context_line":"    LOG.info(\"Version %s\", version.decode(\u0027utf-8\u0027))"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    version_re \u003d re.search(r\u0027.*version (.+?)\\.(.+?)\\.?(.+?|-dev).*\u0027,"},{"line_number":36,"context_line":"                           version.decode(\u0027utf-8\u0027))"},{"line_number":37,"context_line":"    major_version \u003d int(version_re.group(1))"},{"line_number":38,"context_line":"    minor_version \u003d int(version_re.group(2))"}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_0566f529","line":35,"range":{"start_line":35,"start_character":29,"end_line":35,"end_character":66},"in_reply_to":"9f560f44_bf5e4d10","updated":"2020-09-23 13:03:00.000000000","message":"Done","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"}],"octavia/amphorae/backends/agent/api_server/loadbalancer.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"2d1568da8f03cc006a1c3825679777df1b6283a6","unresolved":false,"context_lines":[{"line_number":58,"context_line":"        self.stream \u003d stream_"},{"line_number":59,"context_line":"        self.hash \u003d hashlib.md5()  # nosec"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"    def read(self, l):"},{"line_number":62,"context_line":"        block \u003d self.stream.read(l)"},{"line_number":63,"context_line":"        if block:"},{"line_number":64,"context_line":"            self.hash.update(block)"}],"source_content_type":"text/x-python","patch_set":25,"id":"ff570b3c_acd7b023","line":61,"updated":"2020-05-12 09:53:32.000000000","message":"pep8: E741 ambiguous variable name \u0027l\u0027","commit_id":"6eabde47a117be67fdcf0100557e39d211f9593a"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"68f7e1c799fe1487fd504e0db6518ff1746d719c","unresolved":false,"context_lines":[{"line_number":201,"context_line":"                    amphora_nsname\u003dconsts.AMPHORA_NAMESPACE,"},{"line_number":202,"context_line":"                    HasIFUPAll\u003dself._osutils.has_ifup_all(),"},{"line_number":203,"context_line":"                    haproxy_major_version\u003dhap_major,"},{"line_number":204,"context_line":"                    haproxy_minor_version\u003dhap_minor"},{"line_number":205,"context_line":"                )"},{"line_number":206,"context_line":"                text_file.write(text)"},{"line_number":207,"context_line":""}],"source_content_type":"text/x-python","patch_set":31,"id":"9f560f44_17337415","line":204,"updated":"2020-08-27 21:48:30.000000000","message":"nit: does it make sense to add the subversion to the template and print it?","commit_id":"2a9162b6877182caeaf05203568252b5dbb72167"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"d64100d6b7c013ee1764f2a662d5005c9eec0ce4","unresolved":false,"context_lines":[{"line_number":201,"context_line":"                    amphora_nsname\u003dconsts.AMPHORA_NAMESPACE,"},{"line_number":202,"context_line":"                    HasIFUPAll\u003dself._osutils.has_ifup_all(),"},{"line_number":203,"context_line":"                    haproxy_major_version\u003dhap_major,"},{"line_number":204,"context_line":"                    haproxy_minor_version\u003dhap_minor"},{"line_number":205,"context_line":"                )"},{"line_number":206,"context_line":"                text_file.write(text)"},{"line_number":207,"context_line":""}],"source_content_type":"text/x-python","patch_set":31,"id":"9f560f44_6637a04f","line":204,"in_reply_to":"9f560f44_17337415","updated":"2020-08-28 08:11:17.000000000","message":"Done","commit_id":"2a9162b6877182caeaf05203568252b5dbb72167"}],"octavia/amphorae/drivers/haproxy/rest_api_driver.py":[{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"f4d7298871beb3cb6c38ca28c536638398909c0f","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        self._populate_amphora_api_version(amphora)"},{"line_number":89,"context_line":"        amp_info \u003d self.clients[amphora.api_version].get_info(amphora)"},{"line_number":90,"context_line":"        haproxy_version_string \u003d amp_info[\u0027haproxy_version\u0027]"},{"line_number":91,"context_line":"        versions \u003d haproxy_version_string.split(\u0027.\u0027)[:3]"},{"line_number":92,"context_line":"        versions[2] \u003d versions[2].split(\u0027-\u0027)[0]"},{"line_number":93,"context_line":"        return versions"},{"line_number":94,"context_line":""}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_ff828551","line":91,"range":{"start_line":91,"start_character":19,"end_line":91,"end_character":56},"updated":"2020-09-22 11:43:24.000000000","message":"a dev version might be \"2.3-dev0\", so split(\u0027.\u0027) would only return 2 elements","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"031e489103568fd978dfc4d2def77d4d3add46b2","unresolved":false,"context_lines":[{"line_number":88,"context_line":"        self._populate_amphora_api_version(amphora)"},{"line_number":89,"context_line":"        amp_info \u003d self.clients[amphora.api_version].get_info(amphora)"},{"line_number":90,"context_line":"        haproxy_version_string \u003d amp_info[\u0027haproxy_version\u0027]"},{"line_number":91,"context_line":"        versions \u003d haproxy_version_string.split(\u0027.\u0027)[:3]"},{"line_number":92,"context_line":"        versions[2] \u003d versions[2].split(\u0027-\u0027)[0]"},{"line_number":93,"context_line":"        return versions"},{"line_number":94,"context_line":""}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_a50bc928","line":91,"range":{"start_line":91,"start_character":19,"end_line":91,"end_character":56},"in_reply_to":"9f560f44_ff828551","updated":"2020-09-23 13:03:00.000000000","message":"Done","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"}],"octavia/common/config.py":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"e98943c17134009c6fcb67d23814f7aadb190937","unresolved":false,"context_lines":[{"line_number":357,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":358,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":359,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in haproxy\""},{"line_number":360,"context_line":"                      \" conf\")),"},{"line_number":361,"context_line":"]"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"controller_worker_opts \u003d ["}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_95581988","line":360,"range":{"start_line":360,"start_character":23,"end_line":360,"end_character":28},"updated":"2019-09-27 14:47:21.000000000","message":"super nit: L354 has this on the previous line","commit_id":"ab896e8932b0c3551a0b25399fb90e08fccdc984"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"50c23bc7c2c4f5b4611532f94af35f2977665ede","unresolved":false,"context_lines":[{"line_number":357,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":358,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":359,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in haproxy\""},{"line_number":360,"context_line":"                      \" conf\")),"},{"line_number":361,"context_line":"]"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"controller_worker_opts \u003d ["}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_258cac34","line":360,"range":{"start_line":360,"start_character":23,"end_line":360,"end_character":28},"in_reply_to":"3fa7e38b_95581988","updated":"2019-10-14 10:40:17.000000000","message":"Done","commit_id":"ab896e8932b0c3551a0b25399fb90e08fccdc984"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":353,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"},{"line_number":354,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":355,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":356,"context_line":"                      \"SSL/TLS handshake defined with \u0027bind\u0027 line in haproxy \""},{"line_number":357,"context_line":"                      \"conf\")),"},{"line_number":358,"context_line":"    cfg.StrOpt(\u0027ssl_default_server_ciphers\u0027,"},{"line_number":359,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_41c88aa6","line":356,"range":{"start_line":356,"start_character":54,"end_line":356,"end_character":60},"updated":"2019-11-04 19:12:49.000000000","message":"VIP cipher suites?","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":353,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"},{"line_number":354,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":355,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":356,"context_line":"                      \"SSL/TLS handshake defined with \u0027bind\u0027 line in haproxy \""},{"line_number":357,"context_line":"                      \"conf\")),"},{"line_number":358,"context_line":"    cfg.StrOpt(\u0027ssl_default_server_ciphers\u0027,"},{"line_number":359,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_927c8beb","line":356,"range":{"start_line":356,"start_character":54,"end_line":356,"end_character":60},"in_reply_to":"3fa7e38b_41c88aa6","updated":"2019-11-05 09:28:48.000000000","message":"Done","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":358,"context_line":"    cfg.StrOpt(\u0027ssl_default_server_ciphers\u0027,"},{"line_number":359,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"},{"line_number":360,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":361,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":362,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in \""},{"line_number":363,"context_line":"                      \"haproxy conf\")),"},{"line_number":364,"context_line":"]"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_e1f976c4","line":361,"updated":"2019-11-04 19:12:49.000000000","message":"I think we should also comment that this string must be in OpenSSL cipher list format:\nhttps://www.openssl.org/docs/man1.0.2/man1/ciphers.html","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":358,"context_line":"    cfg.StrOpt(\u0027ssl_default_server_ciphers\u0027,"},{"line_number":359,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"},{"line_number":360,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":361,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":362,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in \""},{"line_number":363,"context_line":"                      \"haproxy conf\")),"},{"line_number":364,"context_line":"]"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_f26cdf36","line":361,"in_reply_to":"3fa7e38b_e1f976c4","updated":"2019-11-05 09:28:48.000000000","message":"Done","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":359,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"},{"line_number":360,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":361,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":362,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in \""},{"line_number":363,"context_line":"                      \"haproxy conf\")),"},{"line_number":364,"context_line":"]"},{"line_number":365,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_01c6129b","line":362,"range":{"start_line":362,"start_character":54,"end_line":362,"end_character":63},"updated":"2019-11-04 19:12:49.000000000","message":"member server cipher suites?","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":359,"context_line":"               default\u003dconstants.DEFAULT_SSL_CIPHERS,"},{"line_number":360,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":361,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":362,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in \""},{"line_number":363,"context_line":"                      \"haproxy conf\")),"},{"line_number":364,"context_line":"]"},{"line_number":365,"context_line":""}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_b272e710","line":362,"range":{"start_line":362,"start_character":54,"end_line":362,"end_character":63},"in_reply_to":"3fa7e38b_01c6129b","updated":"2019-11-05 09:28:48.000000000","message":"Done","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":360,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":361,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":362,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in \""},{"line_number":363,"context_line":"                      \"haproxy conf\")),"},{"line_number":364,"context_line":"]"},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"controller_worker_opts \u003d ["}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_a1d5be44","line":363,"updated":"2019-11-04 19:12:49.000000000","message":"I think these both should move to another configuration file section, maybe [controller_worker]. The ability to specify TLS ciphers is not an \"amphora\" or \"haproxy\" specific feature. Multiple Octavia drivers will likely support the ability to specify the cipher suites.\nLet\u0027s try to make this more generic and not reference haproxy.","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":360,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":361,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":362,"context_line":"                      \"SSL/TLS handshake defined with \u0027server\u0027 line in \""},{"line_number":363,"context_line":"                      \"haproxy conf\")),"},{"line_number":364,"context_line":"]"},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"controller_worker_opts \u003d ["}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_7279cff9","line":363,"in_reply_to":"3fa7e38b_a1d5be44","updated":"2019-11-05 09:28:48.000000000","message":"Done","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"52c8bc3cfb38b7f588b6aef172b995069dd84d5d","unresolved":true,"context_lines":[{"line_number":517,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":518,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":519,"context_line":"                      \"SSL/TLS handshake defined with VIP cipher suites line \""},{"line_number":520,"context_line":"                      \"in haproxy conf. String must be in OpenSSL cipher list \""},{"line_number":521,"context_line":"                      \"format. https://www.openssl.org/docs/manmaster/man1/\""},{"line_number":522,"context_line":"                      \"openssl-ciphers.html\")),"},{"line_number":523,"context_line":"    cfg.StrOpt(\u0027ssl_default_server_ciphers\u0027,"}],"source_content_type":"text/x-python","patch_set":36,"id":"8b2f891c_9335c91f","line":520,"updated":"2021-03-06 06:53:52.000000000","message":"So, these both concern me slightly, because they expose very clearly things about our backend (that it is using HAProxy). Even if this is a somewhat common option/format, would it be better to keep it slightly more generic rather than copying the HAProxy variable name directly and referring to it in the docstring? Or did we decide to drop the illusion that we\u0027ll ever have any other amphora drivers besides HAProxy?","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"99946bf0568645116c40ec81a1192efe7f479d9a","unresolved":true,"context_lines":[{"line_number":517,"context_line":"               help\u003d_(\"It sets the default string describing the list of \""},{"line_number":518,"context_line":"                      \"cipher algorithms that are negotiated during the \""},{"line_number":519,"context_line":"                      \"SSL/TLS handshake defined with VIP cipher suites line \""},{"line_number":520,"context_line":"                      \"in haproxy conf. String must be in OpenSSL cipher list \""},{"line_number":521,"context_line":"                      \"format. https://www.openssl.org/docs/manmaster/man1/\""},{"line_number":522,"context_line":"                      \"openssl-ciphers.html\")),"},{"line_number":523,"context_line":"    cfg.StrOpt(\u0027ssl_default_server_ciphers\u0027,"}],"source_content_type":"text/x-python","patch_set":36,"id":"6eb7c062_4b5d462f","line":520,"in_reply_to":"8b2f891c_9335c91f","updated":"2021-03-10 08:05:57.000000000","message":"We set default_listener_ciphers and default_pool_ciphers in the same way, see line 108, 112.","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"}],"octavia/common/constants.py":[{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"fff28a58b010087faa4986b5a943a9d458d6d2e2","unresolved":false,"context_lines":[{"line_number":229,"context_line":"DEFAULT_TIMEOUT_MEMBER_DATA \u003d 50000"},{"line_number":230,"context_line":"DEFAULT_TIMEOUT_TCP_INSPECT \u003d 0"},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"DEFAULT_SSL_CIPHERS \u003d (\u0027ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:\u0027"},{"line_number":233,"context_line":"                       \u0027ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESG\u0027"},{"line_number":234,"context_line":"                       \u0027CM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS\u0027)"},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"MUTABLE_STATUSES \u003d (lib_consts.ACTIVE,)"},{"line_number":237,"context_line":"DELETABLE_STATUSES \u003d (lib_consts.ACTIVE, lib_consts.ERROR)"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_1daa1518","line":234,"range":{"start_line":232,"start_character":0,"end_line":234,"end_character":62},"updated":"2019-09-27 12:25:35.000000000","message":"Do we want to introduce some default cipher list as shown here?","commit_id":"ab896e8932b0c3551a0b25399fb90e08fccdc984"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"e98943c17134009c6fcb67d23814f7aadb190937","unresolved":false,"context_lines":[{"line_number":229,"context_line":"DEFAULT_TIMEOUT_MEMBER_DATA \u003d 50000"},{"line_number":230,"context_line":"DEFAULT_TIMEOUT_TCP_INSPECT \u003d 0"},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"DEFAULT_SSL_CIPHERS \u003d (\u0027ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:\u0027"},{"line_number":233,"context_line":"                       \u0027ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESG\u0027"},{"line_number":234,"context_line":"                       \u0027CM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS\u0027)"},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"MUTABLE_STATUSES \u003d (lib_consts.ACTIVE,)"},{"line_number":237,"context_line":"DELETABLE_STATUSES \u003d (lib_consts.ACTIVE, lib_consts.ERROR)"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_95b49981","line":234,"range":{"start_line":232,"start_character":0,"end_line":234,"end_character":62},"in_reply_to":"3fa7e38b_1daa1518","updated":"2019-09-27 14:47:21.000000000","message":"To me, as a newbie, this is confusing since it\u0027s all the ciphers grouped together, and not a readable list that\u0027s then joined together with a \u0027:\u0027 in-between elements.  So I don\u0027t know if it\u0027s better to use a \"supported\" list as other constants do.","commit_id":"ab896e8932b0c3551a0b25399fb90e08fccdc984"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"95ec07a68d7a9c704d192fd7252c0e6715390060","unresolved":false,"context_lines":[{"line_number":229,"context_line":"DEFAULT_TIMEOUT_MEMBER_DATA \u003d 50000"},{"line_number":230,"context_line":"DEFAULT_TIMEOUT_TCP_INSPECT \u003d 0"},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"DEFAULT_SSL_CIPHERS \u003d (\u0027ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:\u0027"},{"line_number":233,"context_line":"                       \u0027ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESG\u0027"},{"line_number":234,"context_line":"                       \u0027CM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS\u0027)"},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"MUTABLE_STATUSES \u003d (lib_consts.ACTIVE,)"},{"line_number":237,"context_line":"DELETABLE_STATUSES \u003d (lib_consts.ACTIVE, lib_consts.ERROR)"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_d8a328ff","line":234,"range":{"start_line":232,"start_character":0,"end_line":234,"end_character":62},"in_reply_to":"3fa7e38b_95b49981","updated":"2019-09-27 14:56:08.000000000","message":"I mostly put this option as an example, I copied this list from default haproxy settings as it is.\n\n\t# Default ciphers to use on SSL-enabled listening sockets.\n\t# For more information, see ciphers(1SSL). This list is from:\n\t#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/\n\tssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS","commit_id":"ab896e8932b0c3551a0b25399fb90e08fccdc984"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":229,"context_line":"DEFAULT_TIMEOUT_MEMBER_DATA \u003d 50000"},{"line_number":230,"context_line":"DEFAULT_TIMEOUT_TCP_INSPECT \u003d 0"},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"# As default ciphers used OWASP Cipher String \u0027B\u0027"},{"line_number":233,"context_line":"DEFAULT_SSL_CIPHERS \u003d (\u0027TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:\u0027"},{"line_number":234,"context_line":"                       \u0027TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:\u0027"},{"line_number":235,"context_line":"                       \u0027DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:\u0027"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_e1b65625","line":232,"updated":"2019-11-04 19:12:49.000000000","message":"It might be nice to have a link:\nhttps://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":236,"context_line":"                       \u0027ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:\u0027"},{"line_number":237,"context_line":"                       \u0027DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:\u0027"},{"line_number":238,"context_line":"                       \u0027ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:\u0027"},{"line_number":239,"context_line":"                       \u0027!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA:!3DES\u0027)"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"MUTABLE_STATUSES \u003d (lib_consts.ACTIVE,)"},{"line_number":242,"context_line":"DELETABLE_STATUSES \u003d (lib_consts.ACTIVE, lib_consts.ERROR)"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_410baad3","line":239,"updated":"2019-11-04 19:12:49.000000000","message":"I think we should also comment that this string must be in OpenSSL cipher list format:\nhttps://www.openssl.org/docs/man1.0.2/man1/ciphers.html","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"e6e581c02d1f42795beb62b0a6a0bb70f3584dcc","unresolved":false,"context_lines":[{"line_number":236,"context_line":"                       \u0027ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:\u0027"},{"line_number":237,"context_line":"                       \u0027DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:\u0027"},{"line_number":238,"context_line":"                       \u0027ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:\u0027"},{"line_number":239,"context_line":"                       \u0027!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA:!3DES\u0027)"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"MUTABLE_STATUSES \u003d (lib_consts.ACTIVE,)"},{"line_number":242,"context_line":"DELETABLE_STATUSES \u003d (lib_consts.ACTIVE, lib_consts.ERROR)"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_41a72abd","line":239,"in_reply_to":"3fa7e38b_410baad3","updated":"2019-11-04 19:14:31.000000000","message":"Actually, this link is probably better: https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":236,"context_line":"                       \u0027ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:\u0027"},{"line_number":237,"context_line":"                       \u0027DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:\u0027"},{"line_number":238,"context_line":"                       \u0027ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:\u0027"},{"line_number":239,"context_line":"                       \u0027!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA:!3DES\u0027)"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"MUTABLE_STATUSES \u003d (lib_consts.ACTIVE,)"},{"line_number":242,"context_line":"DELETABLE_STATUSES \u003d (lib_consts.ACTIVE, lib_consts.ERROR)"}],"source_content_type":"text/x-python","patch_set":7,"id":"3fa7e38b_12d65bc4","line":239,"in_reply_to":"3fa7e38b_41a72abd","updated":"2019-11-05 09:28:48.000000000","message":"Done","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"}],"octavia/common/jinja/haproxy/combined_listeners/jinja_cfg.py":[{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"fff28a58b010087faa4986b5a943a9d458d6d2e2","unresolved":false,"context_lines":[{"line_number":209,"context_line":"                host_amphora, feature_compatibility),"},{"line_number":210,"context_line":"            \u0027amphorae\u0027: loadbalancer.amphorae,"},{"line_number":211,"context_line":"            \u0027ssl_default_bind_ciphers\u0027:"},{"line_number":212,"context_line":"                CONF.haproxy_amphora.ssl_default_bind_ciphers,"},{"line_number":213,"context_line":"            \u0027ssl_default_server_ciphers\u0027:"},{"line_number":214,"context_line":"                CONF.haproxy_amphora.ssl_default_server_ciphers,"},{"line_number":215,"context_line":"        }"}],"source_content_type":"text/x-python","patch_set":1,"id":"3fa7e38b_fd513937","line":212,"range":{"start_line":212,"start_character":16,"end_line":212,"end_character":61},"updated":"2019-09-27 12:25:35.000000000","message":"Do we need to validate, that string from conf contains correct cipher list or we expect that users set up it properly?","commit_id":"ab896e8932b0c3551a0b25399fb90e08fccdc984"},{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"f4d7298871beb3cb6c38ca28c536638398909c0f","unresolved":false,"context_lines":[{"line_number":109,"context_line":"        else:"},{"line_number":110,"context_line":"            if not (int(haproxy_versions[0]) \u003c 2 and"},{"line_number":111,"context_line":"                    int(haproxy_versions[1]) \u003c 9 and"},{"line_number":112,"context_line":"                    subv \u003c 20):"},{"line_number":113,"context_line":"                feature_compatibility[constants.CIPHERSUITES] \u003d True"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"        return self.render_loadbalancer_obj("}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_2da697c1","line":112,"range":{"start_line":112,"start_character":20,"end_line":112,"end_character":24},"updated":"2020-09-22 11:43:24.000000000","message":"can\u0027t we enable ciphersuites for dev versions?","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"031e489103568fd978dfc4d2def77d4d3add46b2","unresolved":false,"context_lines":[{"line_number":109,"context_line":"        else:"},{"line_number":110,"context_line":"            if not (int(haproxy_versions[0]) \u003c 2 and"},{"line_number":111,"context_line":"                    int(haproxy_versions[1]) \u003c 9 and"},{"line_number":112,"context_line":"                    subv \u003c 20):"},{"line_number":113,"context_line":"                feature_compatibility[constants.CIPHERSUITES] \u003d True"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"        return self.render_loadbalancer_obj("}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_a08f372c","line":112,"range":{"start_line":112,"start_character":20,"end_line":112,"end_character":24},"in_reply_to":"9f560f44_2da697c1","updated":"2020-09-23 13:03:00.000000000","message":"Done","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"}],"octavia/common/jinja/haproxy/combined_listeners/templates/base.j2":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":22,"context_line":"    stats socket {{ sock_path }} mode 0666 level user"},{"line_number":23,"context_line":"    {% if loadbalancer.global_connection_limit is defined %}"},{"line_number":24,"context_line":"    maxconn {{ loadbalancer.global_connection_limit }}"},{"line_number":25,"context_line":"    ssl-default-bind-ciphers {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":26,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":27,"context_line":"    {% endif %}"},{"line_number":28,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"3fa7e38b_81d3e237","line":25,"updated":"2019-11-04 19:12:49.000000000","message":"What about the TLS 1.3 cipher suites?\nhttp://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.1-ssl-default-bind-ciphersuites","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":22,"context_line":"    stats socket {{ sock_path }} mode 0666 level user"},{"line_number":23,"context_line":"    {% if loadbalancer.global_connection_limit is defined %}"},{"line_number":24,"context_line":"    maxconn {{ loadbalancer.global_connection_limit }}"},{"line_number":25,"context_line":"    ssl-default-bind-ciphers {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":26,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":27,"context_line":"    {% endif %}"},{"line_number":28,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"3fa7e38b_ade28c2e","line":25,"in_reply_to":"3fa7e38b_81d3e237","updated":"2019-11-05 09:28:48.000000000","message":"TLS_PROTOCOL_CHOICES constant that we have does not contain \u0027TLSv1.3\u0027 option. I will update it with TLSv1.3 then as well.","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"5ef0f2badcb11028c368b73c480d716c6261a890","unresolved":false,"context_lines":[{"line_number":23,"context_line":"    {% if loadbalancer.global_connection_limit is defined %}"},{"line_number":24,"context_line":"    maxconn {{ loadbalancer.global_connection_limit }}"},{"line_number":25,"context_line":"    ssl-default-bind-ciphers {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":26,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":27,"context_line":"    {% endif %}"},{"line_number":28,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"},{"line_number":29,"context_line":"    {% for listener in loadbalancer.listeners if listener.enabled %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"3fa7e38b_a1d61e26","line":26,"updated":"2019-11-04 19:12:49.000000000","message":"What about the TLS 1.3 cipher suites?\nhttp://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.1-ssl-default-server-ciphersuites","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"2190ac3e0d9b76cc88aedf15d58cb15852d32633","unresolved":false,"context_lines":[{"line_number":23,"context_line":"    {% if loadbalancer.global_connection_limit is defined %}"},{"line_number":24,"context_line":"    maxconn {{ loadbalancer.global_connection_limit }}"},{"line_number":25,"context_line":"    ssl-default-bind-ciphers {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":26,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":27,"context_line":"    {% endif %}"},{"line_number":28,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"},{"line_number":29,"context_line":"    {% for listener in loadbalancer.listeners if listener.enabled %}"}],"source_content_type":"text/x-jinja2","patch_set":7,"id":"3fa7e38b_cddd886d","line":26,"in_reply_to":"3fa7e38b_a1d61e26","updated":"2019-11-05 09:28:48.000000000","message":"Done","commit_id":"d1c39b6d09500881e47c289e7e870cbc5b02f735"},{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"52c8bc3cfb38b7f588b6aef172b995069dd84d5d","unresolved":true,"context_lines":[{"line_number":27,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":28,"context_line":"    {% if loadbalancer.enable_ciphersuites %}"},{"line_number":29,"context_line":"    ssl-default-bind-ciphersuites {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":30,"context_line":"    ssl-default-server-ciphersuites {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":31,"context_line":"    {% endif %}"},{"line_number":32,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"},{"line_number":33,"context_line":"    {% for listener in loadbalancer.listeners if listener.enabled %}"}],"source_content_type":"text/x-jinja2","patch_set":36,"id":"248be450_00d3679f","line":30,"updated":"2021-03-06 06:53:52.000000000","message":"Err, this would just be the same data twice? Shouldn\u0027t it be different? Maybe I\u0027m missing some context?","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"99946bf0568645116c40ec81a1192efe7f479d9a","unresolved":true,"context_lines":[{"line_number":27,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":28,"context_line":"    {% if loadbalancer.enable_ciphersuites %}"},{"line_number":29,"context_line":"    ssl-default-bind-ciphersuites {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":30,"context_line":"    ssl-default-server-ciphersuites {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":31,"context_line":"    {% endif %}"},{"line_number":32,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"},{"line_number":33,"context_line":"    {% for listener in loadbalancer.listeners if listener.enabled %}"}],"source_content_type":"text/x-jinja2","patch_set":36,"id":"afae5419_374f4131","line":30,"in_reply_to":"248be450_00d3679f","updated":"2021-03-10 08:05:57.000000000","message":"ssl-default-bind-ciphers is for TLSv1.2 and earlier and ssl-default-bind-ciphersuites is for TLSv1.3.\nhttps://cbonte.github.io/haproxy-dconv/1.9/configuration.html#3.1-ssl-default-bind-ciphers","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"}],"octavia/common/jinja/haproxy/split_listeners/jinja_cfg.py":[{"author":{"_account_id":29244,"name":"Gregory Thiemonge","email":"gthiemon@redhat.com","username":"gthiemonge"},"change_message_id":"f4d7298871beb3cb6c38ca28c536638398909c0f","unresolved":false,"context_lines":[{"line_number":109,"context_line":"                pass"},{"line_number":110,"context_line":"            if subv is not None and not (int(haproxy_versions[0]) \u003c 2 and"},{"line_number":111,"context_line":"                                         int(haproxy_versions[1]) \u003c 9 and"},{"line_number":112,"context_line":"                                         subv \u003c 20):"},{"line_number":113,"context_line":"                feature_compatibility[constants.CIPHERSUITES] \u003d True"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"        return self.render_loadbalancer_obj("}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_2d94d735","line":112,"range":{"start_line":112,"start_character":41,"end_line":112,"end_character":45},"updated":"2020-09-22 11:43:24.000000000","message":"ditto","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"031e489103568fd978dfc4d2def77d4d3add46b2","unresolved":false,"context_lines":[{"line_number":109,"context_line":"                pass"},{"line_number":110,"context_line":"            if subv is not None and not (int(haproxy_versions[0]) \u003c 2 and"},{"line_number":111,"context_line":"                                         int(haproxy_versions[1]) \u003c 9 and"},{"line_number":112,"context_line":"                                         subv \u003c 20):"},{"line_number":113,"context_line":"                feature_compatibility[constants.CIPHERSUITES] \u003d True"},{"line_number":114,"context_line":""},{"line_number":115,"context_line":"        return self.render_loadbalancer_obj("}],"source_content_type":"text/x-python","patch_set":33,"id":"9f560f44_802f93f3","line":112,"range":{"start_line":112,"start_character":41,"end_line":112,"end_character":45},"in_reply_to":"9f560f44_2d94d735","updated":"2020-09-23 13:03:00.000000000","message":"Done","commit_id":"3b5f0a6677b3501392969cc183a1dfb92f47c780"}],"octavia/common/jinja/haproxy/split_listeners/templates/base.j2":[{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"52c8bc3cfb38b7f588b6aef172b995069dd84d5d","unresolved":true,"context_lines":[{"line_number":27,"context_line":"    ssl-default-server-ciphers {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":28,"context_line":"    {% if loadbalancer.enable_ciphersuites %}"},{"line_number":29,"context_line":"    ssl-default-bind-ciphersuites {{ loadbalancer.ssl_default_bind_ciphers }}"},{"line_number":30,"context_line":"    ssl-default-server-ciphersuites {{ loadbalancer.ssl_default_server_ciphers }}"},{"line_number":31,"context_line":"    {% endif %}"},{"line_number":32,"context_line":"    {% set found_ns \u003d namespace(found\u003dfalse) %}"},{"line_number":33,"context_line":"    {% for pool in loadbalancer.listener.pools if pool.enabled %}"}],"source_content_type":"text/x-jinja2","patch_set":36,"id":"450b9535_b18522a0","line":30,"updated":"2021-03-06 06:53:52.000000000","message":"Same -- maybe I don\u0027t understand, but I thought \"ciphers\" and \"ciphersuites\" would be different things :/","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"}],"releasenotes/notes/add-an-ability-to-set-default-ssl-ciphers-via-config-560279c127172e955.yaml":[{"author":{"_account_id":10273,"name":"Adam Harwell","email":"flux.adam@gmail.com","username":"rm_you"},"change_message_id":"52c8bc3cfb38b7f588b6aef172b995069dd84d5d","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds new config parameters ``ssl_default_bind_ciphers`` and"},{"line_number":5,"context_line":"    ``ssl_default_server_ciphers`` with which an admin can specify default cipher"},{"line_number":6,"context_line":"    algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":36,"id":"67d0340c_ed632735","line":4,"range":{"start_line":4,"start_character":45,"end_line":4,"end_character":57},"updated":"2021-03-06 06:53:52.000000000","message":"It\u0027s really this \"bind_ciphers\" I have concerns with -- is this a very specific HAProxy term? What would other providers call this? Do we need to worry about other providers?","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"99946bf0568645116c40ec81a1192efe7f479d9a","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds new config parameters ``ssl_default_bind_ciphers`` and"},{"line_number":5,"context_line":"    ``ssl_default_server_ciphers`` with which an admin can specify default cipher"},{"line_number":6,"context_line":"    algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":36,"id":"5527ca12_73f57533","line":4,"range":{"start_line":4,"start_character":45,"end_line":4,"end_character":57},"in_reply_to":"67d0340c_ed632735","updated":"2021-03-10 08:05:57.000000000","message":"I see this in a way to make our amphora provider allow to use HAproxy functional fully if customer has restrictions about ciphers. Whole story is about amphora only https://storyboard.openstack.org/#!/story/2006627","commit_id":"a8b40a6ca849dc1e325300303ab75cdbc2e17da6"}],"releasenotes/notes/add-an-ability-to-set-default-ssl-ciphers-via-config-560279c127172e955.yml":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f6752f8d41a4207bd51350f5c2d0cc4e636a1201","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_ff414da8","line":3,"range":{"start_line":3,"start_character":2,"end_line":3,"end_character":4},"updated":"2019-12-09 22:47:10.000000000","message":"I think you need to remove the preceding \u0027- \u0027 since this note isn\u0027t showing up in the releasenote build, https://f98e50b3282ebc0b1beb-898f26705d12920a8415687f7498c84f.ssl.cf2.rackcdn.com/685337/13/check/build-openstack-releasenotes/9ac38c2/docs/unreleased.html","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f6752f8d41a4207bd51350f5c2d0cc4e636a1201","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_bf1195b1","line":3,"range":{"start_line":3,"start_character":33,"end_line":3,"end_character":34},"updated":"2019-12-09 22:47:10.000000000","message":"These should be `` at both ends and below so the option shows as bold in the release note","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f6752f8d41a4207bd51350f5c2d0cc4e636a1201","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_9f0cd993","line":3,"range":{"start_line":3,"start_character":9,"end_line":3,"end_character":14},"updated":"2019-12-09 22:47:10.000000000","message":"s/new (no a)","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"33fa98ea62f6457969c84dcb44c78e4865add467","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_ba089c7f","line":3,"range":{"start_line":3,"start_character":2,"end_line":3,"end_character":4},"in_reply_to":"3fa7e38b_ff414da8","updated":"2019-12-12 03:37:47.000000000","message":"Done","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f6752f8d41a4207bd51350f5c2d0cc4e636a1201","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_3f25a50a","line":4,"range":{"start_line":4,"start_character":42,"end_line":4,"end_character":47},"updated":"2019-12-09 22:47:10.000000000","message":"s/an admin","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f6752f8d41a4207bd51350f5c2d0cc4e636a1201","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_5f22e102","line":4,"range":{"start_line":4,"start_character":68,"end_line":4,"end_character":75},"updated":"2019-12-09 22:47:10.000000000","message":"s/cipher","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"33fa98ea62f6457969c84dcb44c78e4865add467","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  - Adds a new config parameters `ssl_default_bind_ciphers` and"},{"line_number":4,"context_line":"  `ssl_default_server_ciphers` with which admin can specify default ciphers"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":13,"id":"3fa7e38b_da0b1879","line":4,"range":{"start_line":4,"start_character":68,"end_line":4,"end_character":75},"in_reply_to":"3fa7e38b_5f22e102","updated":"2019-12-12 03:37:47.000000000","message":"Done","commit_id":"632fe157aa1fc146ca9599e9b56f668fe8755201"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"f5b2049fe08085a0b6ce1cf44172d22909a587c0","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  Adds new config parameters ``ssl_default_bind_ciphers`` and"},{"line_number":4,"context_line":"  ``ssl_default_server_ciphers`` with which an admin can specify default cipher"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":14,"id":"3fa7e38b_fa7a8ded","line":2,"updated":"2019-12-12 13:56:46.000000000","message":"So I finally figured out why this isn\u0027t showing up in the release notes, the first line after a heading should be:\n\n  - |\n    Adds new config ...\n\nI guess without that it\u0027s ignored.","commit_id":"3f1134a87ec79bda491edaac42b3036f67babe25"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"45a0cd0616a3a7179052bab311a1f3985fc88a62","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"features:"},{"line_number":3,"context_line":"  Adds new config parameters ``ssl_default_bind_ciphers`` and"},{"line_number":4,"context_line":"  ``ssl_default_server_ciphers`` with which an admin can specify default cipher"},{"line_number":5,"context_line":"  algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":14,"id":"3fa7e38b_f59cdebf","line":2,"in_reply_to":"3fa7e38b_fa7a8ded","updated":"2019-12-12 14:26:40.000000000","message":"Thanks!","commit_id":"3f1134a87ec79bda491edaac42b3036f67babe25"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"6934a00b6b41214f36a60583545c9e4b26d4a504","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds new config parameters ``ssl_default_bind_ciphers`` and"},{"line_number":5,"context_line":"    ``ssl_default_server_ciphers`` with which an admin can specify default cipher"},{"line_number":6,"context_line":"    algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_fb59d328","line":6,"updated":"2019-12-18 21:44:44.000000000","message":"So I think my previous comments were wrong on this file, since it still doesn\u0027t show up in the release note build.  But this time I have an answer - the file name needs to end in .yaml, not .yml.  If you simply make that change and leave everything else alone it will show up, verified by running \u0027tox -e releasenotes\u0027 and looking in the resultant releasenotes/build/html/unreleased.html file.","commit_id":"51126fe38b4abe6b77dd2f326e04b0315f666cac"},{"author":{"_account_id":7249,"name":"Ann Taraday","email":"akamyshnikova@mirantis.com","username":"AKamyshnikova"},"change_message_id":"d10c55edff9d5df2adb1052bccb3e718467fc747","unresolved":false,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Adds new config parameters ``ssl_default_bind_ciphers`` and"},{"line_number":5,"context_line":"    ``ssl_default_server_ciphers`` with which an admin can specify default cipher"},{"line_number":6,"context_line":"    algorithms that are negotiated during the SSL/TLS handshake."}],"source_content_type":"text/x-yaml","patch_set":15,"id":"3fa7e38b_49185e1e","line":6,"in_reply_to":"3fa7e38b_fb59d328","updated":"2019-12-19 08:12:18.000000000","message":"Done","commit_id":"51126fe38b4abe6b77dd2f326e04b0315f666cac"}]}