From 2f0d7298c8c013f6c4f93cf67a104ae01ee752fa Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 4 Feb 2024 21:07:44 +0100
Subject: [PATCH] feat(stats): support multiple sockets
This is useful to implement sockets with different access levels. The existing stats pillar is left in tact.
Signed-off-by: Georg Pfuetzenreuter
---
 haproxy/templates/haproxy.jinja | 3 +++
 pillar.example | 13 +++++++++++++
 test/salt/pillar/default.sls | 8 ++++++++
 3 files changed, 24 insertions(+)
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
index 0f014cc..f297695 100644
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@@ -45,6 +45,9 @@ global
 {%- if salt['pillar.get']('haproxy:global:daemon', 'no') == True %}
 daemon
 {%- endif %}
+{%- for socket, socket_config in salt['pillar.get']('haproxy:global:stats_sockets', {}).items() %}
+ stats socket {{ socket }} mode {{ socket_config.get('mode', '0600') }} level {{ socket_config.get('level', 'user') }} user {{ socket_config.get('user', 'haproxy') }} group {{ socket_config.get('group', 'haproxy') }}
+{%- endfor %}
 {%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
 {%- set socketpath = salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') %}
 {%- set mode = salt['pillar.get']('haproxy:global:stats:mode', '660') %}
diff --git a/pillar.example b/pillar.example
index 1daeab4..c543bfe 100644
--- a/pillar.example
+++ b/pillar.example
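Review bot: The `mode` value on the added `stats socket` line is rendered straight from the pillar, so its meaning depends on how YAML types it: the template default is the string `'0600'`, the examples in `pillar.example` and `test/salt/pillar/default.sls` use unquoted `600`/`660`, and an unquoted `0600` would be read by a YAML 1.1 loader as an octal integer and rendered as `384`. Since this setting decides who can reach an `admin`-level socket, I would document that the mode must be a quoted string and write the examples that way, e.g. `mode: '0660'` with a comment such as `# quote the mode; an unquoted leading zero is parsed by YAML as octal`. The loop also emits `level`, `user` and `group` unchecked, so a typo in `level` presumably only surfaces when HAProxy parses the file; a render-time check against `user`/`operator`/`admin` would fail earlier. The added comment in `pillar.example` has a doubled word ("are are"). The `global` section continues outside this hunk.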
@@ -32,6 +32,19 @@ haproxy:
 # yamllint disable-line rule:line-length
 # Optional extra bind parameter, for example to set the owner/group on the socket file
 extra: user haproxy group haproxy
+ # alternative way of defining stats sockets, useful if multiple are are desired
+ stats_sockets:
+ /run/haproxy/stats-ro:
+ # the defaults
+ level: user
+ mode: 600
+ user: haproxy
+ group: haproxy
+ /run/haproxy/stats-rw:
+ # custom example
+ level: admin
+ mode: 660
+ group: sysadmins
 # yamllint disable-line rule:line-length
 ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
 ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls
index 47b33a7..a2774e4 100644
--- a/test/salt/pillar/default.sls
+++ b/test/salt/pillar/default.sls
@@ -29,6 +29,14 @@ haproxy:
 # yamllint disable-line rule:line-length
 # Optional extra bind parameter, for example to set the owner/group on the socket file
 extra: user haproxy group haproxy
+ stats_sockets:
+ /run/haproxy/stats-operator:
+ level: operator
+ mode: 660
+ group: wheel
+ /run/haproxy/stats-admin:
+ level: admin
+ mode: 600
 # yamllint disable-line rule:line-length
 ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
 ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
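Review bot: The `stats_sockets` entries added to the test pillar are not matched by any assertion in this patch: the diffstat lists only the template, `pillar.example` and this file, so nothing visible here checks that `/run/haproxy/stats-admin` is rendered with `level admin` and mode `600`, or that `stats-operator` gets group `wheel`. If the suite has a control for the rendered configuration, I would add expectations for both `stats socket` lines there, because a regression in the template defaults would change who can reach the admin socket. The `stats-admin` entry relies on the template defaults for `user` and `group`; a short comment such as `# user/group fall back to the template defaults` would make that intent explicit.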