Additional config settings anticipating AAF

Issue-ID: DMAAP-181
Change-Id: I733aa00988b35c2a75eb8e4a620d0b94e9445e17
Signed-off-by: ATT default cloud user <dgl@research.att.com>
diff --git a/misc/cert-client-init.sh b/misc/cert-client-init.sh
new file mode 100644
index 0000000..53701f8
--- /dev/null
+++ b/misc/cert-client-init.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+#	This script is a placeholder for a local certificate authority (CA)
+#	to be a recognized certificate authority.
+#
+#	This script must be run as root.
+#
+#	Works on both CentOS and Ubuntu.
+#
+set -x
+cat >/tmp/aafcacert.crt <<'!EOF'
+-----BEGIN CERTIFICATE-----
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+*******   PUT REAL CERTIFICATE HERE ****************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+-----END CERTIFICATE-----
+!EOF
+chmod 444 /tmp/aafcacert.crt
+if [ -f /etc/redhat-release ]
+then
+	mv /tmp/aafcacert.crt /etc/pki/ca-trust/source/anchors/aafcacert.pem
+	update-ca-trust
+else
+	mv /tmp/aafcacert.crt /usr/local/share/ca-certificates/aafcacert.crt
+	update-ca-certificates
+fi
diff --git a/misc/dmaapbc b/misc/dmaapbc
index 83fc8c2..7ee0e68 100644
--- a/misc/dmaapbc
+++ b/misc/dmaapbc
@@ -34,6 +34,12 @@
 	fi
 	cd $APP_ROOT
 	source $CONTAINER_CONFIG
+	if [ ! -f $APP_ROOT/misc/cert-client-init.sh ]
+	then
+		echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore"
+		exit 1
+	fi
+	$APP_ROOT/misc/cert-client-init.sh
 	. misc/dmaapbc.properties.tmpl > etc/dmaapbc.properties
     . misc/PolicyEngineApi.properties.tmpl > config/PolicyEngineApi.properties
 	set +x
diff --git a/misc/dmaapbc.properties.tmpl b/misc/dmaapbc.properties.tmpl
index 9af0d7e..c60d689 100644
--- a/misc/dmaapbc.properties.tmpl
+++ b/misc/dmaapbc.properties.tmpl
@@ -76,16 +76,52 @@
 #
 DR.provhost:	${DMAAPBC_DRPROV_FQDN:-dcae-drps.domain.notset.com}
 #
+# handling of feed delete
+# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
+# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL.  Better for cfy environments
+Feed.deleteHandling: ${DMAAPBC_FEED_DELETE:-DeleteOnDR}
+
+################################################################################
+# MR Related Properties:
+#
+#   Value of the CNAME DNS entry which resolves to the primary central MR cluster (when there are more than one central clusters).
+#   if there is only one MR cluster in an environment, set this to the DNS name for that cluster
+#
+MR.CentralCname:  ${DMAAPBC_MR_CNAME:-notSet.onap.org}
+#
+#   MR Client Delete Level thoroughness:
+#   0 = don't delete
+#   1 = delete from persistent store
+#   2 = delete from persistent store (DB) and authorization store (AAF)
+MR.ClientDeleteLevel: 1
+#
+#   MR Topic Factory Namespace
+#
+MR.TopicFactoryNS: org.onap.dcae.dmaap.topicFactory
+#
+#   MR TopicMgr Role
+MR.TopicMgrRole:    org.onap.dmaapBC.TopicMgr
+
+#   MR topic name style
+MR.topicStyle:	FQTN_LEGACY_FORMAT
+
+#   MR topic ProjectID
+MR.projectID:  23456
+#
+# end of MR Related Properties
+################################################################################
+
+#
 #	The Role and credentials of the MirrorMaker Provisioner.  This is used by DMaaP Bus Controller to pub to the provisioning topic
 #   Not part of 1701
 #
-#MM.ProvRole: ${DMAAPBC_MMPROV_ROLE:-org.openecomp.dmaapBC.MMprov.prov}
-#MM.ProvUserMechId: ${DMAAPBC_MMPROV_ID:-idNotSet@namespaceNotSet}
-#MM.ProvUserPwd: ${DMAAPBC_MMPROV_PWD:-enc:fMxh-hzYZldbtyXumQq9aJU08SslhbM6mXtt}
+MM.ProvRole: ${DMAAPBC_MMPROV_ROLE:-org.onap.dmaapBC.MMprov.prov}
+MM.ProvUserMechId: ${DMAAPBC_MMPROV_ID:-idNotSet@namespaceNotSet}
+MM.ProvUserPwd: ${DMAAPBC_MMPROV_PWD:-pwdNotSet}
 #
 #	The Role of the MirrorMaker Agent. This is used by MM to sub to provisioning topic
 #
-MM.AgentRole: ${DMAAPBC_MMAGENT_ROLE:-org.openecomp.dmaapBC.MMagent.agent}
+MM.AgentRole: ${DMAAPBC_MMAGENT_ROLE:-org.onap.dmaapBC.MMagent.agent}
 #################
 # AAF Properties:
 #
@@ -107,9 +143,20 @@
 #
 CredentialCodecKeyfile:	${DMAAPBC_CODEC_KEYFILE:-etc/LocalKey}
 #
+# This overrides the Class used for Decryption.
+# This allows for a plugin encryption/decryption method if needed.
+# Call this Class for decryption at runtime.
+#AafDecryption.Class: com.company.proprietaryDecryptor 
+
+#
+# This overrides the Class used for API Permission check.
+# This allows for a plugin policy check, if needed
+#ApiPermission.Class: com.company.policy.DecisionPolicy
+
+#
 # URL of AAF environment to use.
 #
-aaf.URL:	${DMAAPBC_AAF_URL:-https://authentication.simpledemo.openecomp.org:8095/proxy/}
+aaf.URL:	${DMAAPBC_AAF_URL:-https://authentication.simpledemo.onap.org:8095/proxy/}
 #
 # TopicMgr mechid@namespace
 #
@@ -117,7 +164,7 @@
 #
 # TopicMgr password
 # 
-aaf.TopicMgrPassword:	${DMAAPBC_TOPICMGR_PWD:-enc:zyRL9zbI0py3rJAjMS0dFOnYfEw_mJhO}
+aaf.TopicMgrPassword:	${DMAAPBC_TOPICMGR_PWD:-pwdNotSet}
 #
 # Bus Controller Namespace Admin  mechid@namespace
 #
@@ -125,7 +172,7 @@
 #
 # Bus Controller Namespace Admin password
 #
-aaf.AdminPassword:	${DMAAPBC_ADMIN_PWD:-enc:YEaHwOJrwhDY8a6usetlhbB9mEjUq9m}
+aaf.AdminPassword:	${DMAAPBC_ADMIN_PWD:-pwdNotSet}
 #
 # endof AAF Properties
 #################
@@ -139,14 +186,18 @@
 # where X is:  TEST= UAT, PROD = PROD, DEVL = TEST
 #
 PeAafEnvironment: ${DMAAPBC_PE_AAF_ENV:-DEVL}
+PeAafUrl.DEVL:  https://aafdev.onap.org:8095/proxy/
+PeAafUrl.TEST:  https://aafist..onap.org:8095/proxy/
+PeAafUrl.PROD:  https://aafprod.onap.org:8095/proxy/
+
 #
 # Name of PolicyEngineApi properties file
 PolicyEngineProperties: config/PolicyEngineApi.properties
 #
 # Namespace for URI values for API used to create AAF permissions
 # e.g. if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics
-ApiNamespace: org.openecomp.dmaapBC.api
+ApiNamespace: ${DMAAPBC_API_NAMESPACE:-org.onap.dmaapBC.api}
 #
 # endof PolicyEngineProperties
 #################
-!EOF
\ No newline at end of file
+!EOF