feat: introduce additional flag for health check with proxy protocol

Author: b1tamara

jobs/haproxy/spec

@@ -577,6 +577,9 @@ properties:
   ha_proxy.disable_health_check_proxy:
     description: "Disables the use of the PROXY protocol for health checks. Only applies if `ha_proxy.accept_proxy` is enabled."
     default: false
+  ha_proxy.enable_additional_health_check_proxy:
+      description: "Enable the additional health check listener with use of the PROXY protocol"
+      default: false
   ha_proxy.binding_ip:
     description: "If there are multiple ethernet interfaces, specify which one to bind. Set to `::` to bind to all IPv6 interfaces (no IPv4). IPv6 must be enabled on the HAProxy VM in the deployment manifest."
     default: ""

jobs/haproxy/templates/haproxy.config.erb

@@ -385,7 +385,7 @@ listen health_check_http_url
     acl http-routers_down nbsrv(<%= backends.first[:name] %>) eq 0
     monitor fail if http-routers_down
 
-<%- if p("ha_proxy.expect_proxy_cidrs", []).size > 0 -%>
+<%- if p("ha_proxy.expect_proxy_cidrs", []).size > 0 || p("ha_proxy.enable_additional_health_check_proxy") -%>
 listen health_check_http_url_proxy_protocol
     bind :<%= p("ha_proxy.health_check_port") + 1 %> accept-proxy
     mode http
@@ -1101,7 +1101,7 @@ listen health_check_http_tcp-<%= tcp_proxy["name"] %>
     acl tcp-<%= tcp_proxy["name"] %>-routers_down nbsrv(tcp-<%= tcp_proxy["name"] %>) eq 0
     monitor fail if tcp-<%= tcp_proxy["name"] %>-routers_down
 
-    <%- if p("ha_proxy.expect_proxy_cidrs", []).size > 0 -%>
+    <%- if p("ha_proxy.expect_proxy_cidrs", []).size > 0 || p("ha_proxy.enable_additional_health_check_proxy") -%>
 listen health_check_http_tcp-<%= tcp_proxy["name"] %>_proxy_protocol
     bind :<%= tcp_proxy["health_check_http"] + 1 %> accept-proxy
     mode http

spec/haproxy/templates/haproxy_config/healthcheck_listener_spec.rb

@@ -9,6 +9,7 @@
 
   context 'when ha_proxy.enable_health_check_http is true' do
     let(:healthcheck_listener) { haproxy_conf['listen health_check_http_url'] }
+    let(:healthcheck_listener_proxy_protocol) { haproxy_conf['listen health_check_http_url_proxy_protocol'] }
 
     let(:properties) do
       {
@@ -84,6 +85,35 @@
           expect(healthcheck_listener).not_to include('tcp-request connection expect-proxy layer4 unless LOCALHOST')
         end
       end
+
+      context 'when ha_proxy.enable_additional_health_check_proxy is also true' do
+        let(:properties) do
+          {
+            'enable_health_check_http' => true,
+            'accept_proxy' => true,
+            'enable_additional_health_check_proxy' => true
+          }
+        end
+
+        it 'sets expect-proxy for the healthcheck' do
+          expect(healthcheck_listener).to include('tcp-request connection expect-proxy layer4 unless LOCALHOST')
+          expect(healthcheck_listener_proxy_protocol).to include('bind :8081 accept-proxy')
+        end
+      end
+      
+      context 'when ha_proxy.enable_additional_health_check_proxy is false but accept_proxy true' do
+        let(:properties) do
+          {
+            'enable_health_check_http' => true,
+            'accept_proxy' => true
+          }
+        end
+
+        it 'sets expect-proxy for the healthcheck' do
+          expect(healthcheck_listener).to include('tcp-request connection expect-proxy layer4 unless LOCALHOST')
+          expect(haproxy_conf).not_to have_key('listen health_check_http_url_proxy_protocol')
+        end
+      end
     end
   end
 end