From 16669c578d7a3938a0aff5830e7f608e8d8eabdf Mon Sep 17 00:00:00 2001
From: efiacor
Date: Tue, 14 May 2019 09:10:20 +0000
Subject: [PATCH] Disable unsecure DMaaP NodePorts
Change-Id: I6d59e09b0273241c5c98cc60e323940bf84bacdd
Issue-ID: DMAAP-1152
Signed-off-by: efiacor
---
 kubernetes/dmaap/components/dmaap-bc/templates/service.yaml | 2 ++
 kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml | 2 ++
 kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml | 6 ++++--
 kubernetes/dmaap/components/message-router/templates/service.yaml | 2 ++
 kubernetes/dmaap/values.yaml | 4 ++++
 5 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
index 4b51d44fa2..200988a3e2 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
@@ -27,10 +27,12 @@ spec:
 type: {{ .Values.service.type }}
 ports:
 {{if eq .Values.service.type "NodePort" -}}
+ {{- if .Values.global.allow_http }}
 - port: {{ .Values.service.externalPort }}
 targetPort: {{ .Values.service.internalPort }}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
 name: {{ .Values.service.name }}
+ {{- end}}
 - port: {{ .Values.service.externalPort2 }}
 targetPort: {{ .Values.service.internalPort2 }}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index c935ce4ca6..633898c213 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
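Review bot: The `{{- if .Values.global.allow_http }}` guard in dmaap-bc/templates/service.yaml sits inside the `NodePort` branch, so it withholds only the first NodePort entry (presumably the plain-HTTP one, going by the commit subject). The `{{if eq ... "NodePort" -}}` block continues past the end of the hunk, so whatever the template renders for other service types is not visibly gated, and the HTTP port may still be published inside the cluster; that is worth confirming. The same applies to the ports hunks in dmaap-dr-node, dmaap-dr-prov and message-router. An unset `global.allow_http` evaluates as false, so the guard fails closed. A template comment above each guard would record the intent, for example `{{- /* first NodePort entry is rendered only when global.allow_http is true */}}`.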
@@ -28,10 +28,12 @@ spec:
 type: {{.Values.config.dmaapDrNode.servicetype}}
 ports:
 {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}}
+ {{- if .Values.global.allow_http }}
 - port: {{.Values.config.dmaapDrNode.externalPort}}
 targetPort: {{.Values.config.dmaapDrNode.internalPort}}
 nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}}
 name: {{.Values.config.dmaapDrNode.name}}
+ {{- end}}
 - port: {{.Values.config.dmaapDrNode.externalPort2}}
 targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
 nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index 691c9dcc9f..0b40389b55 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -30,7 +30,7 @@ metadata:
 "version": "v1",
 "url": "/",
 "protocol": "REST",
- "port": "{{.Values.config.dmaapDrProv.externalPort}}",
+ "port": "{{.Values.config.dmaapDrProv.externalPort2}}",
 "visualRange":"1"
 }
 ]'
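Review bot: The service-registration annotation in dmaap-dr-prov/templates/service.yaml now advertises `externalPort2` unconditionally, including when `global.allow_http` is true, and the visible entry carries only `"protocol": "REST"` with no TLS indicator among the lines shown. If `externalPort2` is the HTTPS listener, as the commit subject suggests, consumers that resolve the service through this registration could be sent to a TLS port without being told to use TLS. The rest of the annotation lies outside the hunk, so check whether it already carries `"enable_ssl": true` next to `"port"`, and add it if not. A short comment above the annotation stating which listener `externalPort2` refers to would help the next reader.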
@@ -38,11 +38,13 @@ metadata:
 spec:
 type: {{.Values.config.dmaapDrProv.servicetype}}
 ports:
- {{if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
+ {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" }}
+ {{- if .Values.global.allow_http }}
 - port: {{.Values.config.dmaapDrProv.externalPort}}
 targetPort: {{.Values.config.dmaapDrProv.internalPort}}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrProv.nodePort}}
 name: {{.Values.config.dmaapDrProv.name}}
+ {{- end}}
 - port: {{.Values.config.dmaapDrProv.externalPort2}}
 targetPort: {{.Values.config.dmaapDrProv.internalPort2}}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrProv.nodePort2}}
diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml
index dfd90b28f2..1bce881a8e 100644
--- a/kubernetes/dmaap/components/message-router/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/service.yaml
@@ -39,9 +39,11 @@ spec:
 type: {{ .Values.service.type }}
 ports:
 {{if eq .Values.service.type "NodePort" -}}
+ {{- if .Values.global.allow_http }}
 - port: {{ .Values.service.externalPort }}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
 name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ {{- end}}
 - port: {{ .Values.service.externalPort2 }}
 nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
 name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index aa5165d443..333a3e3f6d 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -23,6 +23,10 @@ global:
 loggingRepository: docker.elastic.co
 loggingImage: beats/filebeat:5.5.0
 clientImage: onap/dmaap/dbc-client:1.0.9
+
+#Global DMaaP app config
+ allow_http: false
+
 # application configuration
 config:
 logstashServiceName: log-ls
--
2.16.6
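Review bot: The `allow_http` key added under `global:` in kubernetes/dmaap/values.yaml is documented only by `#Global DMaaP app config`, which does not say what the flag controls. Judging by the template hunks in this patch, it gates only the first NodePort entry of each DMaaP service, so an operator could read `false` as "HTTP is off everywhere" when in-cluster exposure may be unchanged. A comment directly above the key would make the scope explicit, for example `# allow_http: when true, also publish the first (presumably plain-HTTP) NodePort of each DMaaP service; default false keeps it closed`. As style points, the key is snake_case beside camelCase neighbours such as `loggingRepository`, and the existing comment sits at column 0 with no space after `#` although it describes a key nested under `global:`.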