Description
Hey folks,
I've discovered that when reading the haproxy.cfg for the dataplaneapi user list, environment variables aren't interpolated into the file. It's not clear exactly what sort of behaviour should/would be when environment variables are provided; e.g. should the dataplaneapi use the environment variables of a running haproxy or use it's own env vars to inject into the file?
Either way given the following userlist:
userlist default-haproxy-dataplane
user "$HAPROXY_DATAPLANE_USER" insecure-password "$HAPROXY_DATAPLANE_PASS"
user static insecure-password static
and the following environment variables set for both haproxy and dataplaneapi:
HAPROXY_DATAPLANE_USER=admin
HAPROXY_DATAPLANE_PASS=mypassword
Running this command will fail with a 401 unauthorized:
curl -u admin:mypassword http://localhost:5555/v3/info
Running this command will succeed outputting info:
curl -u static:static http://localhost:5555/v3/info
I think the minimum fix for this is clearly documenting that environment variables don't work for the dataplane userlist, with an ideal fix being changing the dataplaneapi to interpolate it's own env variables into the file (which should mean they're inherrited when run via haproxy) and have that behaviour clearly documented.