[DMAAP-DR] Migrate csit suite to the repo

Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I284f6b235ef3bf3cd2685da488d89f41fcba1ea7
Issue-ID: DMAAP-1636

14 files changed, 554 insertions, 0 deletions

diff --git a/csit/scripts/dmaap-datarouter/datarouter-launch.sh b/csit/scripts/dmaap-datarouter/datarouter-launch.sh
new file mode 100644
index 00000000..6d38913d
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/datarouter-launch.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+function dmaap_dr_launch() {
+
+    subscribers_required=$1
+    mkdir -p ${WORKSPACE}/archives/dmaap/dr/last_run_logs
+
+    # start DMaaP DR containers with docker compose and configuration from docker-compose.yml
+    docker login -u docker -p docker nexus3.onap.org:10001
+    if [[ ${subscribers_required} == true ]]; then
+        docker-compose -f ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose/docker-compose.yml up -d
+    else
+        docker-compose -f ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose/docker-compose.yml up -d datarouter-prov datarouter-node mariadb
+    fi
+
+    # Wait for initialization of Docker container for datarouter-node, datarouter-prov and mariadb
+    for i in 1 2 3 4 5 6 7 8 9 10; do
+        if [[ $(docker inspect --format '{{ .State.Running }}' datarouter-node) ]] && \
+            [[ $(docker inspect --format '{{ .State.Running }}' datarouter-prov) ]] && \
+            [[ $(docker inspect --format '{{ .State.Running }}' mariadb) ]]
+        then
+            echo "DR Service Running"
+            break
+        else
+            echo sleep ${i}
+            sleep ${i}
+        fi
+    done
+
+    # Wait for healthy container datarouter-prov
+    for i in 1 2 3 4 5 6 7 8 9 10; do
+        if [[ "$(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)" = 'healthy' ]]
+        then
+            echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)
+            echo "DR Service Running, datarouter-prov container is healthy"
+            break
+        else
+            echo datarouter-prov.State.Health.Status is $(docker inspect --format '{{ .State.Health.Status }}' datarouter-prov)
+            echo sleep ${i}
+            sleep ${i}
+            if [[ ${i} = 10 ]]
+            then
+                echo datarouter-prov container is not in healthy state - the test is not made, teardown...
+                docker-compose rm -sf
+                exit 1
+            fi
+        fi
+    done
+
+    DR_PROV_IP=`get-instance-ip.sh datarouter-prov`
+    DR_NODE_IP=`get-instance-ip.sh datarouter-node`
+    DR_GATEWAY_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' datarouter-prov)
+    echo DR_PROV_IP=${DR_PROV_IP}
+    echo DR_NODE_IP=${DR_NODE_IP}
+    echo DR_GATEWAY_IP=${DR_GATEWAY_IP}
+    if [[ ${subscribers_required} == true ]]
+    then
+        DR_SUB_IP=`get-instance-ip.sh subscriber-node`
+        DR_SUB2_IP=`get-instance-ip.sh subscriber-node2`
+        echo DR_SUB_IP=${DR_SUB_IP}
+        echo DR_SUB2_IP=${DR_SUB2_IP}
+    fi
+
+
+    sudo sed -i "$ a $DR_PROV_IP dmaap-dr-prov" /etc/hosts
+    sudo sed -i "$ a $DR_NODE_IP dmaap-dr-node" /etc/hosts
+
+    docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/NODES?val=dmaap-dr-node\|$DR_GATEWAY_IP"
+    docker exec -i datarouter-prov sh -c "curl -k -X PUT https://$DR_PROV_IP:8443/internal/api/PROV_AUTH_ADDRESSES?val=dmaap-dr-prov\|$DR_GATEWAY_IP"
+
+    #Pass any variables required by Robot test suites in ROBOT_VARIABLES
+    ROBOT_VARIABLES="-v DR_PROV_IP:${DR_PROV_IP} -v DR_NODE_IP:${DR_NODE_IP} -v DR_SUB_IP:${DR_SUB_IP} -v DR_SUB2_IP:${DR_SUB2_IP}"
+}
\ No newline at end of file
diff --git a/csit/scripts/dmaap-datarouter/datarouter-teardown.sh b/csit/scripts/dmaap-datarouter/datarouter-teardown.sh
new file mode 100755
index 00000000..8958f28c
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/datarouter-teardown.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# ============LICENSE_START===================================================
+#  Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+function teardown_dmaap_dr (){
+    cd ${WORKSPACE}/archives/dmaap/dr
+    rm -rf last_run_logs/*
+    docker cp datarouter-prov:/opt/app/datartr/logs last_run_logs/prov_logs
+    docker cp datarouter-node:/opt/app/datartr/logs last_run_logs/node_event_logs
+    docker cp datarouter-node:/var/log/onap/datarouter last_run_logs/node_server_logs
+    docker cp subscriber-node:/var/log/onap/datarouter last_run_logs/sub1_logs
+    docker cp subscriber-node2:/var/log/onap/datarouter last_run_logs/sub2_logs
+    sudo sed -i".bak" '/dmaap-dr-prov/d' /etc/hosts
+    sudo sed -i".bak" '/dmaap-dr-node/d' /etc/hosts
+    docker-compose -f ${WORKSPACE}/scripts/dmaap-datarouter/docker-compose/docker-compose.yml rm -sf
+    cd ${WORKSPACE}/scripts/dmaap-datarouter/robot_ssl
+    python -c 'import update_ca; update_ca.remove_onap_ca_cert()'
+}
\ No newline at end of file
diff --git a/csit/scripts/dmaap-datarouter/docker-compose/docker-compose.yml b/csit/scripts/dmaap-datarouter/docker-compose/docker-compose.yml
new file mode 100644
index 00000000..9140d0fc
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/docker-compose/docker-compose.yml
@@ -0,0 +1,118 @@
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2019-21 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+#
+version: '2.1'
+services:
+  datarouter-prov:
+    image: onap/dmaap/datarouter-prov:latest
+    container_name: datarouter-prov
+    hostname: dmaap-dr-prov
+    ports:
+    - "443:8443"
+    - "8443:8443"
+    - "8080:8080"
+    volumes:
+    - ./provserver.properties:/opt/app/datartr/etc/provserver.properties
+    - ../dr_certs/dr_prov/truststore.jks:/opt/app/osaaf/local/truststore.jks
+    - ../dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12
+    - ../dr_certs/dr_prov/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props
+    depends_on:
+      mariadb:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://dmaap-dr-prov:8080/internal/prov"]
+      interval: 10s
+      timeout: 30s
+      retries: 5
+    networks:
+      net:
+        aliases:
+        - dmaap-dr-prov
+
+  datarouter-node:
+    image: onap/dmaap/datarouter-node:latest
+    container_name: datarouter-node
+    hostname: dmaap-dr-node
+    ports:
+    - "9443:8443"
+    - "9090:8080"
+    volumes:
+    - ./node.properties:/opt/app/datartr/etc/node.properties
+    - ../dr_certs/dr_node/truststore.jks:/opt/app/osaaf/local/truststore.jks
+    - ../dr_certs/dr_node/org.onap.dmaap-dr-node.p12:/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12
+    - ../dr_certs/dr_node/org.onap.dmaap-dr.cred.props:/opt/app/osaaf/local/org.onap.dmaap-dr.cred.props
+    depends_on:
+      datarouter-prov:
+        condition: service_healthy
+    networks:
+      net:
+        aliases:
+        - dmaap-dr-node
+
+  datarouter-subscriber:
+    image: onap/dmaap/datarouter-subscriber:latest
+    container_name: subscriber-node
+    hostname: subscriber.com
+    ports:
+    - "7070:7070"
+    volumes:
+    - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties
+    networks:
+      net:
+        aliases:
+        - subscriber.com
+
+  datarouter-subscriber2:
+    image: onap/dmaap/datarouter-subscriber:latest
+    container_name: subscriber-node2
+    hostname: subscriber2.com
+    ports:
+    - "7071:7070"
+    volumes:
+    - ./subscriber.properties:/opt/app/subscriber/etc/subscriber.properties
+    networks:
+      net:
+        aliases:
+        - subscriber2.com
+
+  mariadb:
+    image: nexus3.onap.org:10001/library/mariadb:10.2.14
+    container_name: mariadb
+    hostname: datarouter-mariadb
+    ports:
+    - "3306:3306"
+    environment:
+      MYSQL_ROOT_PASSWORD: datarouter
+      MYSQL_DATABASE: datarouter
+      MYSQL_USER: datarouter
+      MYSQL_PASSWORD: datarouter
+    healthcheck:
+      test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost", "-u", "datarouter", "-pdatarouter", "--silent"]
+      interval: 10s
+      timeout: 30s
+      retries: 5
+    networks:
+      net:
+        aliases:
+        - datarouter-mariadb
+
+networks:
+  net:
+    driver: bridge
diff --git a/csit/scripts/dmaap-datarouter/docker-compose/node.properties b/csit/scripts/dmaap-datarouter/docker-compose/node.properties
new file mode 100644
index 00000000..58639cfd
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/docker-compose/node.properties
@@ -0,0 +1,82 @@
+# ============LICENSE_START===================================================
+#  Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+#
+#    Configuration parameters set at startup for the DataRouter node
+#
+#    URL to retrieve dynamic configuration
+ProvisioningURL = https://dmaap-dr-prov:8443/internal/prov
+#
+#    URL to upload PUB/DEL/EXP logs
+LogUploadURL = https://dmaap-dr-prov:8443/internal/logs
+#
+#    The port number for http as seen within the server
+IntHttpPort = 8080
+#
+#    The port number for https as seen within the server
+IntHttpsPort = 8443
+#
+#    The external port number for https taking port mapping into account
+ExtHttpsPort = 443
+#
+#    The minimum interval between fetches of the dynamic configuration from the provisioning server
+MinProvFetchInterval = 10000
+#
+#    The minimum interval between saves of the redirection data file
+MinRedirSaveInterval = 10000
+#
+#    The path to the directory where log files are stored
+LogDir = /opt/app/datartr/logs
+#
+#    The retention interval (in days) for log files
+LogRetention = 30
+#
+#    The path to the directories where data and meta data files are stored
+SpoolDir = /opt/app/datartr/spool
+#
+#    The path to the redirection data file
+RedirectionFile = etc/redirections.dat
+#
+#    The type of keystore for https
+KeyStoreType = PKCS12
+#
+#    The type of truststore for https
+TrustStoreType = jks
+#
+#    The path to the file used to trigger an orderly shutdown
+QuiesceFile = etc/SHUTDOWN
+#
+#    The key used to generate passwords for node to node transfers
+NodeAuthKey = Node123!
+#
+#    DR_NODE DEFAULT ENABLED TLS PROTOCOLS
+NodeHttpsProtocols = TLSv1.1|TLSv1.2
+#
+#    AAF type to generate permission string
+AAFType = org.onap.dmaap-dr.feed
+#
+#    AAF default instance to generate permission string - default should be legacy
+AAFInstance = legacy
+#
+#    AAF action to generate permission string - default should be publish
+AAFAction = publish
+#
+#    AAF CADI enabled flag
+CadiEnabled = false
+#
+#    AAF Props file path
+AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
diff --git a/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties b/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties
new file mode 100755
index 00000000..b54868e2
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/docker-compose/provserver.properties
@@ -0,0 +1,55 @@
+# ============LICENSE_START===================================================
+#  Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+#Jetty Server properties
+org.onap.dmaap.datarouter.provserver.http.port           = 8080
+org.onap.dmaap.datarouter.provserver.https.port          = 8443
+org.onap.dmaap.datarouter.provserver.https.relaxation    = true
+
+org.onap.dmaap.datarouter.provserver.aafprops.path       = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+
+org.onap.dmaap.datarouter.provserver.accesslog.dir       = /opt/app/datartr/logs
+org.onap.dmaap.datarouter.provserver.spooldir            = /opt/app/datartr/spool
+org.onap.dmaap.datarouter.provserver.dbscripts           = /opt/app/datartr/etc/misc
+org.onap.dmaap.datarouter.provserver.logretention        = 30
+
+#DMAAP-597 (Tech Dept) REST request source IP auth
+# relaxation to accommodate OOM kubernetes deploy
+org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
+
+#Localhost address config
+org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1
+
+# Database access
+org.onap.dmaap.datarouter.db.driver   = org.mariadb.jdbc.Driver
+org.onap.dmaap.datarouter.db.url      = jdbc:mariadb://datarouter-mariadb:3306/datarouter
+org.onap.dmaap.datarouter.db.login    = datarouter
+org.onap.dmaap.datarouter.db.password = datarouter
+
+# PROV - DEFAULT ENABLED TLS PROTOCOLS
+org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
+
+# AAF config
+org.onap.dmaap.datarouter.provserver.cadi.enabled = false
+
+org.onap.dmaap.datarouter.provserver.passwordencryption   = PasswordEncryptionKey#@$%^&1234#
+org.onap.dmaap.datarouter.provserver.aaf.feed.type        = org.onap.dmaap-dr.feed
+org.onap.dmaap.datarouter.provserver.aaf.sub.type         = org.onap.dmaap-dr.sub
+org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
+org.onap.dmaap.datarouter.provserver.aaf.action.publish   = publish
+org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
\ No newline at end of file
diff --git a/csit/scripts/dmaap-datarouter/docker-compose/subscriber.properties b/csit/scripts/dmaap-datarouter/docker-compose/subscriber.properties
new file mode 100644
index 00000000..311bbe56
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/docker-compose/subscriber.properties
@@ -0,0 +1,35 @@
+# ============LICENSE_START===================================================
+#  Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+#Subscriber properties
+org.onap.dmaap.datarouter.subscriber.http.port           = 7070
+org.onap.dmaap.datarouter.subscriber.https.port          = 7443
+org.onap.dmaap.datarouter.subscriber.auth.user           = LOGIN
+org.onap.dmaap.datarouter.subscriber.auth.password       = PASSWORD
+org.onap.dmaap.datarouter.subscriber.delivery.dir        = /opt/app/subscriber/delivery
+
+org.onap.dmaap.datarouter.subscriber.https.relaxation    = true
+org.onap.dmaap.datarouter.subscriber.keystore.type       = jks
+org.onap.dmaap.datarouter.subscriber.keymanager.password = changeit
+org.onap.dmaap.datarouter.subscriber.keystore.path       = /opt/app/datartr/self_signed/keystore.jks
+org.onap.dmaap.datarouter.subscriber.keystore.password   = changeit
+org.onap.dmaap.datarouter.subscriber.truststore.path     = /opt/app/datartr/self_signed/cacerts.jks
+org.onap.dmaap.datarouter.subscriber.truststore.password = changeit
+
+
+
diff --git a/csit/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12 b/csit/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12
new file mode 100644
index 00000000..3793a9d4
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr-node.p12
diff --git a/csit/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props b/csit/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props
new file mode 100644
index 00000000..e32e7282
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/dr_certs/dr_node/org.onap.dmaap-dr.cred.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+#   by root
+#   on 2021-03-12T11:38:49.244+0000
+# @copyright 2019, AT&T
+############################################################
+Challenge=secret
+cadi_alias=dmaap-dr-node@dmaap-dr.onap.org
+cadi_key_password=secret
+#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-node.p12
+cadi_keystore_password=secret
+cadi_keystore_password_jks=secret
+cadi_keystore_password_p12=secret
+cadi_truststore=/opt/app/osaaf/local/truststore.jks
+cadi_truststore_password=secret
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/csit/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks b/csit/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks
new file mode 100644
index 00000000..91547c60
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/dr_certs/dr_node/truststore.jks
diff --git a/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12 b/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12
new file mode 100755
index 00000000..1393fb05
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr-prov.p12
diff --git a/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props b/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props
new file mode 100644
index 00000000..18f91ba8
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/org.onap.dmaap-dr.cred.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+#   by root
+#   on 2021-03-12T11:29:50.699+0000
+# @copyright 2019, AT&T
+############################################################
+Challenge=secret
+cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org
+cadi_key_password=secret
+#cadi_keyfile=/opt/app/osaaf/local/org.onap.dmaap-dr.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.onap.dmaap-dr-prov.p12
+cadi_keystore_password=secret
+cadi_keystore_password_jks=secret
+cadi_keystore_password_p12=secret
+cadi_truststore=/opt/app/osaaf/local/truststore.jks
+cadi_truststore_password=secret
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks b/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks
new file mode 100644
index 00000000..91547c60
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/dr_certs/dr_prov/truststore.jks
diff --git a/csit/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem b/csit/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem
new file mode 100644
index 00000000..1f9d08e5
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/robot_ssl/onap_ca_cert.pem
@@ -0,0 +1,40 @@
+
+# Issuer: C=US,O=ONAP,OU=OSAAF
+# Subject: C=US,O=ONAP,OU=OSAAF
+# Label: ""
+# Serial: 0x9EAEEDC0A7CEB59D
+# MD5 Fingerprint: 77:EB:5E:94:2E:B7:A3:45:97:6C:87:FE:A7:F7:64:0F
+# SHA1 Fingerprint: 90:25:D1:D3:8B:3C:BE:2C:73:E9:6C:1A:48:5B:06:A8:39:0D:54:3B
+# SHA256 Fingerprint: 1F:C2:BB:F6:7E:11:6F:F0:4C:C3:D9:6C:73:E5:99:B7:CA:7D:4D:EF:AA:6C:69:46:0D:2C:7B:A9:E4:23:5F:EA
+-----BEGIN CERTIFICATE-----
+MIIFczCCA1ugAwIBAgIUVl0TXS1NTKZy68+AFpfvCBbs3JwwDQYJKoZIhvcNAQEL
+BQAwQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNVBAoM
+BE9OQVAxDjAMBgNVBAsMBU9TQUFGMB4XDTIxMDMxNjE1MjA1MloXDTQxMDMxMTE1
+MjA1MlowQTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDTALBgNV
+BAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA1NdArmwTe6C9NZnMAPP0uvy9IH/+Lc9dgO9+j6F+JqLDXn+O5vaj
+6EMU5o60sGzymbMdwk26jiR7KYG8puZzI0EsjwELrLV5NYrUR1y7g+sbJWFUiB0X
+SseifQD9bSG0YBX7J6bQEilh18+oWpXIygl8/VJuiuDhaYdakmwn9AxQRm/zRDcI
+tMS49gq7ARpwMrZaZkQ5eL2R0eX4yj915fAgsvLNmfNTkkTCTBuGYAfixz2+uz8r
+4xZqxXrln6CVe6pV5MOxxQsJq0QfSfNxKFqhVJTSj3STG8UDKDPIcTqVLS6v3/iY
+WX43pHuqjfrGLy3HjPCIWphsx9EWq02bnLvwsnibRgfXjZNbdhePOZV8Xd+4MfHy
+uyFRf5xHvQm3f3vLtCQ1rmHk/3wb2Mb1SbTGt6sL6Waqs/VnnPyTwhXJk6RnU991
+qAnqSCLzKNEPNnpSTQKU35NPbdCAw/z97K5Ar8JWH2XiM65dV0j0d/Ura0PXUXRN
+Royi7rREJKBMFszwxqCCHZkH6/Fbs8vmBWC1gLQgDqK+IgU1/+ytUPOsMVqPcNjM
+RrZyd8xCoxEyd+Ly6y2EF9RE6qS/rlW/yUh3AIBlpcsVxc+Kh1nvNRLLJzHvrvSs
+wvd6LpWHVaffO02hp3suXDwOtLq91lAHLA48iDty/Js+jFjohZJ/+LsCAwEAAaNj
+MGEwHQYDVR0OBBYEFMeiRem06VRh0sL0L5k9B5A01QAoMB8GA1UdIwQYMBaAFMei
+Rem06VRh0sL0L5k9B5A01QAoMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBGdpwWyOIw7jBkEJbheeje8ccc51Z0SY/8
+oo/cYi9cI2SNtE4yt9SOZtXiWO1ga1PuFP5vNkPZu3MtqtsDt8CsSgYfgCKX1DH4
+RloTJJO73UKuMmnoqHNsuE6rHRrcoqcV8XJJ9uBz2cDVWfVDG5Pf92lB1cLQ5AGb
+X7O7MKNHu4woFdbbI8f3TN6Qx5oAcrS1alLMuPJhIkwcHuiWdjJuORx2MK4K9gov
+yRJceVyqMiTr7GGYFi/FQKIzIaHeKgQy+YGLfQ1GcbUmVItU4aQMfSM2RXb7wJ90
+XBFi0NjXZfMXVZ9kxqIki/s6NefrDAOFjHINUxGucXjEw1raewprErlsNt/8SUKT
+EDSLe1YD558jzUaqVdWinL6gMRTyyHOwt/51mg4sn3i2WLdL1Hno4F7GUIbkBmi5
+VSDDWnXdpwaFWeqA8JAvy+JIh+Ju671U1HhB68lGRvNOgfZbvW3m8GGpXldR5krR
+OYhwbxdU1rNYHH+DJ0KE4L1Y6es/571+UH7NFbvO6jAk9G/Fudel+SwhXVfFo0pi
+mmXAwT2bmDEiYBzDNHFwyT3+OGKXiDXuMvMB9ic7p3Zk9X0mRtpubW1gfZvUqIqe
+jaVeZdad0DX1yfjwi5zYT+ViI7pjXVYlgiBAnjMrEmWOpRcs793F5zBiyDjaUNFt
+3arVcS9XgA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/csit/scripts/dmaap-datarouter/robot_ssl/update_ca.py b/csit/scripts/dmaap-datarouter/robot_ssl/update_ca.py
new file mode 100644
index 00000000..d36f8acc
--- /dev/null
+++ b/csit/scripts/dmaap-datarouter/robot_ssl/update_ca.py
@@ -0,0 +1,65 @@
+# ============LICENSE_START===================================================
+#  Copyright (C) 2019-2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=====================================================
+
+import certifi
+import os
+
+
+def add_onap_ca_cert():
+    cafile = certifi.where()
+    dir_path = os.path.dirname(os.path.realpath(__file__))
+    datarouter_ca = dir_path + '/onap_ca_cert.pem'
+    with open(datarouter_ca, 'rb') as infile:
+        customca = infile.read()
+
+    with open(cafile, 'ab') as outfile:
+        outfile.write(customca)
+
+    print("Added DR Cert to CA")
+
+
+def remove_onap_ca_cert():
+    cafile = certifi.where()
+    number_of_lines_to_delete = 40
+    count = 0
+    dr_cert_exists = False
+
+    with open(cafile, 'r+b', buffering=0) as outfile:
+        for line in outfile.readlines()[-36:-35]:
+            if '# Serial: 0x9EAEEDC0A7CEB59D'.encode() in line:
+                dr_cert_exists = True
+        if dr_cert_exists:
+            outfile.seek(0, os.SEEK_END)
+            end = outfile.tell()
+            while outfile.tell() > 0:
+                outfile.seek(-1, os.SEEK_CUR)
+                char = outfile.read(1)
+                if char == b'\n':
+                    count += 1
+                if count == number_of_lines_to_delete:
+                    outfile.truncate()
+                    print(
+                        "Removed " + str(number_of_lines_to_delete) + " lines from end of CA File")
+                    exit(0)
+                outfile.seek(-1, os.SEEK_CUR)
+        else:
+            print("No DR cert in CA File to remove")
+
+    if count < number_of_lines_to_delete + 1:
+        print("Number of lines in file less than number of lines to delete. Exiting...")
+        exit(1)