From c9cfd4f56408f31316796cf92c60eff35c0e297a Mon Sep 17 00:00:00 2001
From: ahusic <ahusic@haproxy.com>
Date: Wed, 6 May 2020 13:11:44 +0200
Subject: [PATCH] FEATURE/MEDIUM: userList: generate random secure password

This change previously hard coded password usage and instead use generated password.
So, on every start up a random password is generated and saved to HAProxy conf.
---
 haproxy/config.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/haproxy/config.go b/haproxy/config.go
index 4412408..6ce99e0 100644
--- a/haproxy/config.go
+++ b/haproxy/config.go
@@ -1,6 +1,8 @@
 package haproxy
 
 import (
+	"crypto/rand"
+	"encoding/base64"
 	"io/ioutil"
 	"os"
 	"path"
@@ -14,9 +16,10 @@ import (
 
 const (
 	dataplaneUser = "haproxy"
-	dataplanePass = "pass"
 )
 
+var dataplanePass string
+
 var baseCfgTmpl = `
 global
 	master-worker
@@ -105,6 +108,8 @@ func newHaConfig(baseDir string, sd *lib.Shutdown) (*haConfig, error) {
 	}
 	defer cfgFile.Close()
 
+	dataplanePass = createRandomString()
+
 	err = tmpl.Execute(cfgFile, baseParams{
 		NbThread:      runtime.GOMAXPROCS(0),
 		SocketPath:    cfg.StatsSock,
@@ -131,3 +136,9 @@ func newHaConfig(baseDir string, sd *lib.Shutdown) (*haConfig, error) {
 
 	return cfg, nil
 }
+
+func createRandomString() string {
+	randBytes := make([]byte, 32)
+	_, _ = rand.Read(randBytes)
+	return base64.URLEncoding.EncodeToString(randBytes)
+}