From 2828a51ef97acbe2890615910362411c8a525836 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Thu, 4 Nov 2021 15:50:10 -0700
Subject: [PATCH] Run haproxy-statsd as uid 1000

This aligns it with what we have done for zookeeper-statsd.

Change-Id: Ida0e3c3e7dbcaf915119f7e2677edf95c7550eea
---
 docker/haproxy-statsd/Dockerfile                     | 12 ++++++++++++
 .../roles/haproxy/files/docker/docker-compose.yaml   |  1 +
 2 files changed, 13 insertions(+)

diff --git a/docker/haproxy-statsd/Dockerfile b/docker/haproxy-statsd/Dockerfile
index 939933847b..8d1ed92563 100644
--- a/docker/haproxy-statsd/Dockerfile
+++ b/docker/haproxy-statsd/Dockerfile
@@ -17,4 +17,16 @@ FROM docker.io/opendevorg/python-base:3.9-bullseye
 
 COPY haproxy-statsd.py /usr/local/bin
 RUN pip install statsd
+
+# 1000 is what haproxy's stats socket defaults to.
+RUN addgroup haproxy --gid 1000 --system \
+  && adduser \
+    --system \
+    --uid 1000 \
+    --home /home/haproxy \
+    --shell /bin/bash \
+    --ingroup haproxy \
+    haproxy
+
+USER 1000:1000
 CMD ["/usr/local/bin/haproxy-statsd.py"]
diff --git a/playbooks/roles/haproxy/files/docker/docker-compose.yaml b/playbooks/roles/haproxy/files/docker/docker-compose.yaml
index e8a699c218..4eb63e3ec7 100644
--- a/playbooks/roles/haproxy/files/docker/docker-compose.yaml
+++ b/playbooks/roles/haproxy/files/docker/docker-compose.yaml
@@ -46,6 +46,7 @@ services:
     restart: always
     image: docker.io/opendevorg/haproxy-statsd:latest
     network_mode: host
+    user: "1000:1000"
     volumes:
       - /var/haproxy/run:/var/haproxy/run
     environment: