Remove security.txt parts

Keystone is no longer responsible for storing and serving security.txt file. It is now fully handled by haproxy. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880110 Change-Id: Iefd090dce0441f81eb4d5b203f61a4587a5beedb
2023-04-11 23:08:57 +02:00 · 2023-04-11 23:08:57 +02:00 · 59f04a63c5
parent a020ff87cd
commit 59f04a63c5
3 changed files with 0 additions and 33 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -194,18 +194,6 @@ keystone_use_uwsgi: false
 #
 keystone_web_server_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"

-## security.txt
-# When security risks in web services are discovered by independent security
-# researchers who understand the severity of the risk, they often lack the
-# channels to disclose them properly. As a result, security issues may be
-# left unreported. security.txt defines a standard to help organizations
-# define the process for security researchers to disclose security
-# vulnerabilities securely. For more information see https://securitytxt.org/
-# This content will be hosted at /security.txt and /.well-known/security.txt
-keystone_security_txt_dir: "/var/www/html"
-# keystone_security_txt_content: |
-#   # Please see https://securitytxt.org/ for details of the specification of this file
-
 ## Apache setup
 keystone_apache_log_level: info
 keystone_apache_custom_log_format: combined
--- a/tasks/main_pre.yml
+++ b/tasks/main_pre.yml
@ -67,17 +67,10 @@
      owner: root
      group: root
    - path: "/var/www/cgi-bin/keystone"
-    - path: "{{ keystone_security_txt_dir }}"
    - path: "/etc/ansible/facts.d"
      owner: root
      group: root

- name: Create security.txt file
-  copy:
-    content: "{{ keystone_security_txt_content }}"
-    dest: "{{ keystone_security_txt_dir }}/security.txt"
-  when: keystone_security_txt_content is defined
-
 - import_tasks: keystone_key_setup.yml
  tags:
    - keystone-install
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -140,20 +140,6 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
    ProxyPass /Shibboleth.sso !
    {% endif -%}

-    {% if keystone_security_txt_content is defined %}
-    AliasMatch "^/(.*)/security.txt$" "{{ keystone_security_txt_dir }}/security.txt"
-
-    <Directory "{{ keystone_security_txt_dir }}">
-        Options None
-        AllowOverride None
-        Order allow,deny
-        Allow from all
-    </Directory>
-
-    ProxyPass /security.txt !
-    ProxyPass /.well-known/security.txt !
-    {%- endif %}
-
    ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/

 </VirtualHost>