From 08ffc3970302b334d228a5345c5d581b01dc40ac Mon Sep 17 00:00:00 2001
From: Kai Hudalla
Date: Tue, 28 Mar 2023 14:02:32 +0200
Subject: [PATCH] [#3478] Disable insecure ports in Sandbox deployment
Fixes #3478
Signed-off-by: Kai Hudalla
---
 deploy/src/main/sandbox/hono-values.yml | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/deploy/src/main/sandbox/hono-values.yml b/deploy/src/main/sandbox/hono-values.yml
index 7e20ce2a7b..d8f9891c22 100644
--- a/deploy/src/main/sandbox/hono-values.yml
+++ b/deploy/src/main/sandbox/hono-values.yml
@@ -19,6 +19,7 @@ messagingNetworkTypes:
 amqpMessagingNetworkExample:
 enabled: true
+ insecurePortEnabled: false
 dispatchRouter:
 uidFormat: "n"
 adapterUids: "hono.eclipseprojects.io"
@@ -46,11 +47,10 @@ adapters:
 imageName: "eclipse/hono-adapter-http-native"
 hono:
 http:
+ insecurePortEnabled: false
 bindAddress: "0.0.0.0"
 keyPath: "/opt/hono/tls/tls.key"
 certPath: "/opt/hono/tls/tls.crt"
- insecurePortEnabled: true
- insecurePortBindAddress: "0.0.0.0"
 idleTimeout: 20
 jmsVendorPropsEnabled: true
 maxPayloadSize: 8096
@@ -70,11 +70,10 @@ adapters:
 imageName: "eclipse/hono-adapter-mqtt-native"
 hono:
 mqtt:
+ insecurePortEnabled: false
 bindAddress: "0.0.0.0"
 keyPath: "/opt/hono/tls/tls.key"
 certPath: "/opt/hono/tls/tls.crt"
- insecurePortEnabled: true
- insecurePortBindAddress: "0.0.0.0"
 jmsVendorPropsEnabled: true
 maxPayloadSize: 8096
 tenantIdleTimeout: "1h"
@@ -94,11 +93,10 @@ adapters:
 imageName: "eclipse/hono-adapter-amqp-native"
 hono:
 amqp:
+ insecurePortEnabled: false
 bindAddress: "0.0.0.0"
 keyPath: "/opt/hono/tls/tls.key"
 certPath: "/opt/hono/tls/tls.crt"
- insecurePortEnabled: true
- insecurePortBindAddress: "0.0.0.0"
 tenantIdleTimeout: "1h"
 maxConnections: 200
 tlsKeysSecret: "sandbox-tls"
@@ -116,6 +114,7 @@ adapters:
 imageName: "eclipse/hono-adapter-coap-native"
 hono:
 coap:
+ insecurePortEnabled: false
 bindAddress: "0.0.0.0"
 port: 5684
 keyPath: "/opt/hono/tls/tls.key"
@@ -168,11 +167,10 @@ deviceRegistryExample:
 certPath: "/opt/hono/tls/tls.crt"
 http:
 authenticationRequired: false
+ insecurePortEnabled: false
 bindAddress: "0.0.0.0"
 keyPath: "/opt/hono/tls/tls.key"
 certPath: "/opt/hono/tls/tls.crt"
- insecurePortEnabled: true
- insecurePortBindAddress: "0.0.0.0"
 svc:
 maxDevicesPerTenant: 10
 tlsKeysSecret: "sandbox-tls"
@@ -227,10 +225,11 @@ kafka:
 ## 10MB
 logSegmentBytes: _10485760
 auth:
- # no TLS. That would be "sasl_tls"
- clientProtocol: "sasl"
 tls:
- existingSecrets: []
+ type: "pem"
+ pemChainIncluded: true
+ existingSecrets:
+ - "sandbox-tls"
 externalAccess:
 autoDiscovery:
 enabled: false
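Review bot: The context line `authenticationRequired: false` just above the added `insecurePortEnabled: false` leaves the device registry's HTTP endpoint unauthenticated on `bindAddress: "0.0.0.0"`; closing the plain-text port protects the transport but does not limit who may call the API. That is presumably deliberate for a public sandbox, but nothing in the visible lines says so. I would add a comment above it such as `# sandbox only: HTTP API is deliberately unauthenticated; TLS does not restrict access`, so the value is not copied into other deployments unnoticed. The `deviceRegistryExample` block starts above the hunk, so any compensating setting outside the visible lines could not be checked.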
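Review bot: After this hunk no visible line selects the Kafka client listener protocol: `clientProtocol: "sasl"` is removed and only TLS key material (`type: "pem"`, `existingSecrets`) is added under `tls:`. Whether clients actually get SASL over TLS therefore depends on a default defined outside this file. I would keep the choice explicit with `clientProtocol: "sasl_tls"`, the value the removed comment names, so a changed chart default cannot silently leave the listener without TLS or authentication. The broker also reuses the `sandbox-tls` secret that the adapters and the registry reference through `tlsKeysSecret`, so one private key appears to serve every endpoint; a dedicated certificate for Kafka would limit the impact of a key leak. The `kafka:` block starts above the hunk and may continue below it.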