From a833b682db38b5c9bfcd5f528faabd7aa8862b48 Mon Sep 17 00:00:00 2001
From: Scott Hussey
Date: Fri, 18 Jan 2019 15:55:45 -0600
Subject: [PATCH] (security) Optionally only allow MAAS api access
- MAAS does not allow you to turn off the gui which may be desired in some scenarios. Use Ingress rules to do so optionally.
Change-Id: I22f637ebd2dbbd7c552fd4644bcf27cc9b9661d8
---
 charts/maas/templates/ingress-region.yaml | 4 ++++
 charts/maas/values.yaml | 1 +
 2 files changed, 5 insertions(+)
diff --git a/charts/maas/templates/ingress-region.yaml b/charts/maas/templates/ingress-region.yaml
index 9801fae..089f97f 100644
--- a/charts/maas/templates/ingress-region.yaml
+++ b/charts/maas/templates/ingress-region.yaml
@@ -27,7 +27,11 @@ spec:
 - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
 http:
 paths:
+{{- if .Values.conf.maas.ingress_disable_gui }}
+ - path: /MAAS/api
+{{- else }}
 - path: /
+{{- end }}
 backend:
 serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 servicePort: region-api
diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml
index 7be752f..f475f43 100644
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@@ -154,6 +154,7 @@ conf:
 override:
 append:
 http_boot: true
+ ingress_disable_gui: false
 ntp:
 # These options allow you to mock out the ntpd binary within the container
 # by overwriting it with a script that simply sleeps - this is useful in
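Review bot: With `ingress_disable_gui` set, the `- path: /MAAS/api` rule only stops this Ingress from routing other URLs. The region backend still serves the UI to anything that reaches `region-api` by another route, so the template should say so, e.g. `{{/* Ingress-level filter only: the MAAS UI is still served by the backend service */}}`. Path matching is also controller-dependent: where the path is treated as a plain string prefix, `/MAAS/api` would also match sibling paths that merely begin with those characters. `- path: /MAAS/api/` may be tighter if every API URL sits under that directory, which is not visible here. The `spec` block starts and ends outside the hunk.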
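Review bot: The new `ingress_disable_gui: false` default carries no comment, and its nesting should be confirmed because indentation is not recoverable in this view. The template reads `.Values.conf.maas.ingress_disable_gui`, so a misplaced or misspelled key evaluates as false and leaves the UI routed through the Ingress without any error. I would add above it `# When true, the region Ingress only routes /MAAS/api; the web UI is not exposed through the Ingress.` Overrides should pass a real boolean, since a non-empty string such as "false" is truthy in a Go template `if`.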