)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"03b6a08cfa520e14a01824ccaaec9c303eca3d67","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"6ab9cf0f_971c3ff2","updated":"2023-04-12 18:42:07.000000000","message":"works for me","commit_id":"0f7b0912440f0d24b034041f04c6c13309c4bc60"}],"defaults/main.yml":[{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"dc41ce335c794fbe20bcd1f90ffc85eaff1241d8","unresolved":true,"context_lines":[{"line_number":307,"context_line":"# define the process for security researchers to disclose security"},{"line_number":308,"context_line":"# vulnerabilities securely. For more information see https://securitytxt.org/"},{"line_number":309,"context_line":"# This content will be hosted at /security.txt and /.well-known/security.txt"},{"line_number":310,"context_line":"haproxy_security_txt_dir: \"/etc/haproxy\""},{"line_number":311,"context_line":"haproxy_security_txt_headers: |"},{"line_number":312,"context_line":"  HTTP/1.0 200 OK"},{"line_number":313,"context_line":"  Cache-Control: no-cache"},{"line_number":314,"context_line":"  Connection: close"},{"line_number":315,"context_line":"  Content-Type: text/html"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"# haproxy_security_txt_content: |"},{"line_number":318,"context_line":"#   # Please see https://securitytxt.org/ for details of the specification of this file"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"c9087e29_0b719933","line":315,"range":{"start_line":310,"start_character":0,"end_line":315,"end_character":25},"updated":"2023-04-11 22:25:54.000000000","message":"I wonder if we can/should make this somehow more generic, like mapping?\n\nAs there\u0027s already another usecase, where we might want to serve an arbitrary text file, which is openstack profiles (https://opendev.org/openstack/openstacksdk/src/branch/master/openstack/config/vendors) - see also vexxhost:\nhttps://vexxhost.com/.well-known/openstack/api\n\n\nIt\u0027s just a thought, we can leave that as is and refactor later for sure","commit_id":"5cfe63de1a614630871bcfaab5a31a195bda89fc"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"3137d309c87535faf337fba02fea2ab634ace0bb","unresolved":false,"context_lines":[{"line_number":307,"context_line":"# define the process for security researchers to disclose security"},{"line_number":308,"context_line":"# vulnerabilities securely. For more information see https://securitytxt.org/"},{"line_number":309,"context_line":"# This content will be hosted at /security.txt and /.well-known/security.txt"},{"line_number":310,"context_line":"haproxy_security_txt_dir: \"/etc/haproxy\""},{"line_number":311,"context_line":"haproxy_security_txt_headers: |"},{"line_number":312,"context_line":"  HTTP/1.0 200 OK"},{"line_number":313,"context_line":"  Cache-Control: no-cache"},{"line_number":314,"context_line":"  Connection: close"},{"line_number":315,"context_line":"  Content-Type: text/html"},{"line_number":316,"context_line":""},{"line_number":317,"context_line":"# haproxy_security_txt_content: |"},{"line_number":318,"context_line":"#   # Please see https://securitytxt.org/ for details of the specification of this file"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"19b66602_ee3f30fd","line":315,"range":{"start_line":310,"start_character":0,"end_line":315,"end_character":25},"in_reply_to":"c9087e29_0b719933","updated":"2023-04-11 22:36:34.000000000","message":"forget that for now","commit_id":"5cfe63de1a614630871bcfaab5a31a195bda89fc"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"be0f6ed8a702fdb174575305784b9afa215c83bd","unresolved":true,"context_lines":[{"line_number":319,"context_line":"#   # Please see https://securitytxt.org/ for details of the specification of this file"},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"# Allows to copy any static file to the destination hosts"},{"line_number":322,"context_line":"haproxy_static_files:"},{"line_number":323,"context_line":"  - dest: \"{{ haproxy_security_txt_dir }}/security.txt\""},{"line_number":324,"context_line":"    content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\""},{"line_number":325,"context_line":"    condition: \"{{ haproxy_security_txt_content is truthy }}\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"4a038d13_51186154","line":325,"range":{"start_line":322,"start_character":0,"end_line":325,"end_character":61},"updated":"2023-04-12 18:27:17.000000000","message":"let\u0027s then define this as empty list and combine with security.txt under the hood, so that user won\u0027t need to re-define whole security.txt stuff when they need to add an extra thing.","commit_id":"000f1a0f5137ca0ed7a2dde19fd5415a2ee880f8"},{"author":{"_account_id":32666,"name":"Damian Dąbrowski","email":"damian@dabrowski.cloud","username":"ddabrowski"},"change_message_id":"856f543e93ffe2dd83a52091747833af29009d73","unresolved":false,"context_lines":[{"line_number":319,"context_line":"#   # Please see https://securitytxt.org/ for details of the specification of this file"},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"# Allows to copy any static file to the destination hosts"},{"line_number":322,"context_line":"haproxy_static_files:"},{"line_number":323,"context_line":"  - dest: \"{{ haproxy_security_txt_dir }}/security.txt\""},{"line_number":324,"context_line":"    content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\""},{"line_number":325,"context_line":"    condition: \"{{ haproxy_security_txt_content is truthy }}\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"ebfdcbc6_63416a81","line":325,"range":{"start_line":322,"start_character":0,"end_line":325,"end_character":61},"in_reply_to":"4a038d13_51186154","updated":"2023-04-12 18:39:06.000000000","message":"done","commit_id":"000f1a0f5137ca0ed7a2dde19fd5415a2ee880f8"}],"tasks/haproxy_pre_install.yml":[{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"21320b97ef03295a6590b3b59da6791fe028a58c","unresolved":true,"context_lines":[{"line_number":56,"context_line":"  copy:"},{"line_number":57,"context_line":"    content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\""},{"line_number":58,"context_line":"    dest: \"{{ haproxy_security_txt_dir }}/security.txt\""},{"line_number":59,"context_line":"  when: haproxy_security_txt_content is defined"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3768abf9_e07192cc","line":59,"range":{"start_line":59,"start_character":2,"end_line":59,"end_character":47},"updated":"2023-04-11 22:13:09.000000000","message":"I really don\u0027t like `is defined` condition, as it\u0027s sooo hard to make variable undefined if some logic is used. Can we just make it defined in default to empty string, and change condition to | length or just leave `when: haproxy_security_txt_content`?","commit_id":"5cfe63de1a614630871bcfaab5a31a195bda89fc"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"2dfe7004eb42ddb6eb7952554cb580ad2e360a72","unresolved":true,"context_lines":[{"line_number":52,"context_line":"    - /etc/haproxy/conf.d"},{"line_number":53,"context_line":"    - \"{{ haproxy_ssl_cert_path }}\""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"- name: Create security.txt file"},{"line_number":56,"context_line":"  copy:"},{"line_number":57,"context_line":"    content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\""},{"line_number":58,"context_line":"    dest: \"{{ haproxy_security_txt_dir }}/security.txt\""},{"line_number":59,"context_line":"  when: haproxy_security_txt_content is defined"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"69be72aa_8583d57c","line":59,"range":{"start_line":55,"start_character":2,"end_line":59,"end_character":47},"updated":"2023-04-12 06:59:09.000000000","message":"i think it would be really straightforward to make this completely general as it\u0027s just really calling the copy module directly.\n\nwe could have `haproxy_static_files: []` as a role default and use it from outside the role like this:\n\n    haproxy_static_files:\n      - dest: /etc/haproxy/security.txt\n        content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\"\n      - \u003cother static files here\u003e","commit_id":"5cfe63de1a614630871bcfaab5a31a195bda89fc"},{"author":{"_account_id":32666,"name":"Damian Dąbrowski","email":"damian@dabrowski.cloud","username":"ddabrowski"},"change_message_id":"dc0266e8ff86dbb7b26c64fde367bf6f8e0d0eb2","unresolved":false,"context_lines":[{"line_number":56,"context_line":"  copy:"},{"line_number":57,"context_line":"    content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\""},{"line_number":58,"context_line":"    dest: \"{{ haproxy_security_txt_dir }}/security.txt\""},{"line_number":59,"context_line":"  when: haproxy_security_txt_content is defined"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"5505ee1e_fe19e823","line":59,"range":{"start_line":59,"start_character":2,"end_line":59,"end_character":47},"in_reply_to":"3768abf9_e07192cc","updated":"2023-04-12 12:19:05.000000000","message":"sorry, i missed that comment before. fixed.","commit_id":"5cfe63de1a614630871bcfaab5a31a195bda89fc"},{"author":{"_account_id":32666,"name":"Damian Dąbrowski","email":"damian@dabrowski.cloud","username":"ddabrowski"},"change_message_id":"7127fe64114a3535f45c931d51b9bc20ca26521d","unresolved":true,"context_lines":[{"line_number":52,"context_line":"    - /etc/haproxy/conf.d"},{"line_number":53,"context_line":"    - \"{{ haproxy_ssl_cert_path }}\""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"- name: Create security.txt file"},{"line_number":56,"context_line":"  copy:"},{"line_number":57,"context_line":"    content: \"{{ haproxy_security_txt_headers + \u0027\\n\u0027 + haproxy_security_txt_content }}\""},{"line_number":58,"context_line":"    dest: \"{{ haproxy_security_txt_dir }}/security.txt\""},{"line_number":59,"context_line":"  when: haproxy_security_txt_content is defined"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ab60a8be_821fcfd2","line":59,"range":{"start_line":55,"start_character":2,"end_line":59,"end_character":47},"in_reply_to":"69be72aa_8583d57c","updated":"2023-04-12 11:46:24.000000000","message":"i made it more general.\n\nBut are you sure that we really don\u0027t want to include security.txt feature out-of-the-box in haproxy role(and define empty `haproxy_static_files` by default)?\nsecurity.txt is not related only to openstack and will suit in mostly all usecases.\n\nplease check what i proposed in the latest patchset.","commit_id":"5cfe63de1a614630871bcfaab5a31a195bda89fc"},{"author":{"_account_id":28619,"name":"Dmitriy Rabotyagov","email":"noonedeadpunk@gmail.com","username":"noonedeadpunk"},"change_message_id":"be0f6ed8a702fdb174575305784b9afa215c83bd","unresolved":true,"context_lines":[{"line_number":57,"context_line":"    content: \"{{ item.content }}\""},{"line_number":58,"context_line":"    dest: \"{{ item.dest }}\""},{"line_number":59,"context_line":"  when:"},{"line_number":60,"context_line":"    - (item.condition | default(True)) is true"},{"line_number":61,"context_line":"  loop: \"{{ haproxy_static_files }}\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"f2ce4947_f4d83dcc","line":60,"range":{"start_line":60,"start_character":38,"end_line":60,"end_character":46},"updated":"2023-04-12 18:27:17.000000000","message":"it\u0027s redundant imo.","commit_id":"000f1a0f5137ca0ed7a2dde19fd5415a2ee880f8"},{"author":{"_account_id":32666,"name":"Damian Dąbrowski","email":"damian@dabrowski.cloud","username":"ddabrowski"},"change_message_id":"856f543e93ffe2dd83a52091747833af29009d73","unresolved":false,"context_lines":[{"line_number":57,"context_line":"    content: \"{{ item.content }}\""},{"line_number":58,"context_line":"    dest: \"{{ item.dest }}\""},{"line_number":59,"context_line":"  when:"},{"line_number":60,"context_line":"    - (item.condition | default(True)) is true"},{"line_number":61,"context_line":"  loop: \"{{ haproxy_static_files }}\""}],"source_content_type":"text/x-yaml","patch_set":4,"id":"73e4f5a4_bcd88669","line":60,"range":{"start_line":60,"start_character":38,"end_line":60,"end_character":46},"in_reply_to":"f2ce4947_f4d83dcc","updated":"2023-04-12 18:39:06.000000000","message":"Done","commit_id":"000f1a0f5137ca0ed7a2dde19fd5415a2ee880f8"}]}
