FEATURE/MEDIUM: userList: generate random secure password

This change previously hard coded password usage and instead use generated password. So, on every start up a random password is generated and saved to HAProxy conf.
haproxytech · May 7, 2020 · c9cfd4f · c9cfd4f
1 parent faede19
commit c9cfd4f
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/haproxy/config.go b/haproxy/config.go
@@ -1,6 +1,8 @@
 package haproxy
 
 import (
+	"crypto/rand"
+	"encoding/base64"
 	"io/ioutil"
 	"os"
 	"path"
@@ -14,9 +16,10 @@ import (
 
 const (
 	dataplaneUser = "haproxy"
-	dataplanePass = "pass"
 )
 
+var dataplanePass string
+
 var baseCfgTmpl = `
 global
 	master-worker
@@ -105,6 +108,8 @@ func newHaConfig(baseDir string, sd *lib.Shutdown) (*haConfig, error) {
 	}
 	defer cfgFile.Close()
 
+	dataplanePass = createRandomString()
+
 	err = tmpl.Execute(cfgFile, baseParams{
 		NbThread:      runtime.GOMAXPROCS(0),
 		SocketPath:    cfg.StatsSock,
@@ -131,3 +136,9 @@ func newHaConfig(baseDir string, sd *lib.Shutdown) (*haConfig, error) {
 
 	return cfg, nil
 }
+
+func createRandomString() string {
+	randBytes := make([]byte, 32)
+	_, _ = rand.Read(randBytes)
+	return base64.URLEncoding.EncodeToString(randBytes)
+}