Additional config settings anticipating AAF
Issue-ID: DMAAP-181
Change-Id: I733aa00988b35c2a75eb8e4a620d0b94e9445e17
Signed-off-by: ATT default cloud user <dgl@research.att.com>
diff --git a/misc/cert-client-init.sh b/misc/cert-client-init.sh
new file mode 100644
index 0000000..53701f8
--- /dev/null
+++ b/misc/cert-client-init.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+# This script is a placeholder for a local certificate authority (CA)
+# to be a recognized certificate authority.
+#
+# This script must be run as root.
+#
+# Works on both CentOS and Ubuntu.
+#
+set -x
+cat >/tmp/aafcacert.crt <<'!EOF'
+-----BEGIN CERTIFICATE-----
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+******* PUT REAL CERTIFICATE HERE ****************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+****************************************************************
+-----END CERTIFICATE-----
+!EOF
+chmod 444 /tmp/aafcacert.crt
+if [ -f /etc/redhat-release ]
+then
+ mv /tmp/aafcacert.crt /etc/pki/ca-trust/source/anchors/aafcacert.pem
+ update-ca-trust
+else
+ mv /tmp/aafcacert.crt /usr/local/share/ca-certificates/aafcacert.crt
+ update-ca-certificates
+fi
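Review bot: The certificate is staged at the fixed path `/tmp/aafcacert.crt` by a script that runs as root and is then moved into the system trust anchors, so whatever already exists at that name in a world-writable directory affects what root writes and what ends up trusted. Staging through `tmp=$(mktemp) || exit 1` with `cat >"$tmp"` and `mv -- "$tmp" ...`, or writing the heredoc straight to the destination, removes the predictable name. There is also no `set -e` or status check, so a failed `mv` is still followed by the update command and the script can exit 0 without the CA installed. As committed, the body between the BEGIN/END markers is asterisks; a header comment such as `# Replace the placeholder block with the real CA certificate before use` would make that explicit.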
diff --git a/misc/dmaapbc b/misc/dmaapbc
index 83fc8c2..7ee0e68 100644
--- a/misc/dmaapbc
+++ b/misc/dmaapbc
@@ -34,6 +34,12 @@
fi
cd $APP_ROOT
source $CONTAINER_CONFIG
+ if [ ! -f $APP_ROOT/misc/cert-client-init.sh ]
+ then
+ echo "Did not find $APP_ROOT/misc/cert-client-init.sh to append to truststore"
+ exit 1
+ fi
+ $APP_ROOT/misc/cert-client-init.sh
. misc/dmaapbc.properties.tmpl > etc/dmaapbc.properties
. misc/PolicyEngineApi.properties.tmpl > config/PolicyEngineApi.properties
set +x
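Review bot: The new call `$APP_ROOT/misc/cert-client-init.sh` executes the file directly, but this same commit adds it with mode 100644 and the guard only tests `-f`, so unless the image build changes the mode the call fails with permission denied. Its exit status is not checked either, so startup goes on to generate the properties files without the CA in the trust store. `bash "$APP_ROOT/misc/cert-client-init.sh" || exit 1` would cover both, and quoting `$APP_ROOT` in the `[ ! -f ... ]` test keeps it correct for paths with spaces. The enclosing block starts above the hunk, so whether `set -e` is in force there is not visible.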
diff --git a/misc/dmaapbc.properties.tmpl b/misc/dmaapbc.properties.tmpl
index 9af0d7e..c60d689 100644
--- a/misc/dmaapbc.properties.tmpl
+++ b/misc/dmaapbc.properties.tmpl
@@ -76,16 +76,52 @@
#
DR.provhost: ${DMAAPBC_DRPROV_FQDN:-dcae-drps.domain.notset.com}
#
+# handling of feed delete
+# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
+# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments
+Feed.deleteHandling: ${DMAAPBC_FEED_DELETE:-DeleteOnDR}
+
+################################################################################
+# MR Related Properties:
+#
+# Value of the CNAME DNS entry which resolves to the primary central MR cluster (when there are more than one central clusters).
+# if there is only one MR cluster in an environment, set this to the DNS name for that cluster
+#
+MR.CentralCname: ${DMAAPBC_MR_CNAME:-notSet.onap.org}
+#
+# MR Client Delete Level thoroughness:
+# 0 = don't delete
+# 1 = delete from persistent store
+# 2 = delete from persistent store (DB) and authorization store (AAF)
+MR.ClientDeleteLevel: 1
+#
+# MR Topic Factory Namespace
+#
+MR.TopicFactoryNS: org.onap.dcae.dmaap.topicFactory
+#
+# MR TopicMgr Role
+MR.TopicMgrRole: org.onap.dmaapBC.TopicMgr
+
+# MR topic name style
+MR.topicStyle: FQTN_LEGACY_FORMAT
+
+# MR topic ProjectID
+MR.projectID: 23456
+#
+# end of MR Related Properties
+################################################################################
+
+#
# The Role and credentials of the MirrorMaker Provisioner. This is used by DMaaP Bus Controller to pub to the provisioning topic
# Not part of 1701
#
-#MM.ProvRole: ${DMAAPBC_MMPROV_ROLE:-org.openecomp.dmaapBC.MMprov.prov}
-#MM.ProvUserMechId: ${DMAAPBC_MMPROV_ID:-idNotSet@namespaceNotSet}
-#MM.ProvUserPwd: ${DMAAPBC_MMPROV_PWD:-enc:fMxh-hzYZldbtyXumQq9aJU08SslhbM6mXtt}
+MM.ProvRole: ${DMAAPBC_MMPROV_ROLE:-org.onap.dmaapBC.MMprov.prov}
+MM.ProvUserMechId: ${DMAAPBC_MMPROV_ID:-idNotSet@namespaceNotSet}
+MM.ProvUserPwd: ${DMAAPBC_MMPROV_PWD:-pwdNotSet}
#
# The Role of the MirrorMaker Agent. This is used by MM to sub to provisioning topic
#
-MM.AgentRole: ${DMAAPBC_MMAGENT_ROLE:-org.openecomp.dmaapBC.MMagent.agent}
+MM.AgentRole: ${DMAAPBC_MMAGENT_ROLE:-org.onap.dmaapBC.MMagent.agent}
#################
# AAF Properties:
#
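Review bot: `MM.ProvUserPwd` is now active with the default `pwdNotSet`, and the later hunks do the same for `aaf.TopicMgrPassword` and `aaf.AdminPassword`, so a deployment that misses one of these variables starts with a well-known placeholder instead of failing. Because the template is expanded by the shell (it is sourced from `misc/dmaapbc`), `${DMAAPBC_MMPROV_PWD:?DMAAPBC_MMPROV_PWD must be set}` would stop startup with a clear message; if the placeholder has to stay for demos, a comment above each password line saying it is not a usable credential would help. The `enc:` defaults this commit removes remain in the repository history, so if they ever protected a real account they should be rotated. The new `MR.ClientDeleteLevel` and `MR.projectID` values are hard-coded where neighbouring settings take a `${DMAAPBC_...:-default}` override.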
@@ -107,9 +143,20 @@
#
CredentialCodecKeyfile: ${DMAAPBC_CODEC_KEYFILE:-etc/LocalKey}
#
+# This overrides the Class used for Decryption.
+# This allows for a plugin encryption/decryption method if needed.
+# Call this Class for decryption at runtime.
+#AafDecryption.Class: com.company.proprietaryDecryptor
+
+#
+# This overrides the Class used for API Permission check.
+# This allows for a plugin policy check, if needed
+#ApiPermission.Class: com.company.policy.DecisionPolicy
+
+#
# URL of AAF environment to use.
#
-aaf.URL: ${DMAAPBC_AAF_URL:-https://authentication.simpledemo.openecomp.org:8095/proxy/}
+aaf.URL: ${DMAAPBC_AAF_URL:-https://authentication.simpledemo.onap.org:8095/proxy/}
#
# TopicMgr mechid@namespace
#
@@ -117,7 +164,7 @@
#
# TopicMgr password
#
-aaf.TopicMgrPassword: ${DMAAPBC_TOPICMGR_PWD:-enc:zyRL9zbI0py3rJAjMS0dFOnYfEw_mJhO}
+aaf.TopicMgrPassword: ${DMAAPBC_TOPICMGR_PWD:-pwdNotSet}
#
# Bus Controller Namespace Admin mechid@namespace
#
@@ -125,7 +172,7 @@
#
# Bus Controller Namespace Admin password
#
-aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:-enc:YEaHwOJrwhDY8a6usetlhbB9mEjUq9m}
+aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:-pwdNotSet}
#
# endof AAF Properties
#################
@@ -139,14 +186,18 @@
# where X is: TEST= UAT, PROD = PROD, DEVL = TEST
#
PeAafEnvironment: ${DMAAPBC_PE_AAF_ENV:-DEVL}
+PeAafUrl.DEVL: https://aafdev.onap.org:8095/proxy/
+PeAafUrl.TEST: https://aafist..onap.org:8095/proxy/
+PeAafUrl.PROD: https://aafprod.onap.org:8095/proxy/
+
#
# Name of PolicyEngineApi properties file
PolicyEngineProperties: config/PolicyEngineApi.properties
#
# Namespace for URI values for API used to create AAF permissions
# e.g. if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics
-ApiNamespace: org.openecomp.dmaapBC.api
+ApiNamespace: ${DMAAPBC_API_NAMESPACE:-org.onap.dmaapBC.api}
#
# endof PolicyEngineProperties
#################
-!EOF
\ No newline at end of file
+!EOF
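Review bot: `PeAafUrl.TEST: https://aafist..onap.org:8095/proxy/` has two consecutive dots in the host name, which is an empty DNS label and will not resolve. It looks as if a segment was dropped when the domain was rewritten, so the intended host needs confirming (possibly `aafist.onap.org`). The three `PeAafUrl.*` values are also fixed in the template, unlike `aaf.URL`, which takes `${DMAAPBC_AAF_URL:-...}`; a per-environment override would keep the policy-engine AAF endpoint configurable without editing the template.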