Casablanca Risks

This centralized page, for all Casablanca projects, is aimed at identifying the risks as they are foreseen within the release life cycle.

A Risk that materialized becomes an Issue.

Status:

  • Identified: a risk that has been identified, but has not yet been analyzed / assessed yet 

  • Assessed: an identified risk which currently has no risk response plan 

  • Planned: an identified risk with a risk response plan

  • In-Process: a risk where the risk response is being executed 

  • Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided

  • Not occurred: a risk that was identified but that did not occur 

  • Rejected: created and kept for tracking purposes but considered not to be used yet



Risk ID

Project Team or person identifying the risk

Identification Date

Risk (Description and potential impact)

Team or component impacted by the risk

Mitigation Plan

(Action to prevent the risk to materialize)



Contingency Plan - Response Plan

(Action in case of the risk materialized)

Probability of occurrence (probability of the risk materialized)

High/Medium/Low

Impact

High/Medium/Low

Status

Risk ID

Project Team or person identifying the risk

Identification Date

Risk (Description and potential impact)

Team or component impacted by the risk

Mitigation Plan

(Action to prevent the risk to materialize)



Contingency Plan - Response Plan

(Action in case of the risk materialized)

Probability of occurrence (probability of the risk materialized)

High/Medium/Low

Impact

High/Medium/Low

Status

1

Katel34

6/27/2018

CII Badging - Casablanca Release Criteria is about addressing test coverage (including JS)

Therefore some projects might not pass their CII Badging.

Any Project team who has JS as part of their code and who will not have enough bandwidth

Find an alternative to the current proposal

https://lists.onap.org/g/Onap-seccom/topic/cii_badging_passing_level/22721721?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,22721721

If it is confirmed that the solution (https://lists.onap.org/g/Onap-seccom/topic/cii_badging_passing_level/22721721?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,22721721) is the right way to move forward then we believe that we should split the JS test coverage into several phases that will be implemented across multiple ONAP releases depending on each project’s bandwidth:

Phase 1 – Setup the infrastructure

Phase 2-  Analyze the SONAR test coverage and build a plan to meet JS test coverage criteria

Phase 3- Add test cases to meet the JS test coverage criteria

High

Low since agreement on the Mitigation Plan

In-Process

6/27/18 update:

Current proposal presented to the Security Subcommittee to provide awareness

7/25/18 update:

Proposal accepted by the Security Committee. jS test coverage is descoped from the Casablanca release with the assumption that CLAMP will perform a pilot (setup infra, code change and few test cases) as part of the Casablanca release.

https://lf-onap.atlassian.net/wiki/display/DW/Languages+supported+for+code+coverage

08/23/18 update: Closed

Agreement to close this risk at M3 review

2

Portal

6/27/2018

Policy, VID apps that use portal/sdk will be directly impacted under S3P for logging support from portal/sdk due to lack of resources;

Policy, VID, Portal

Requesting open community for resources who can help with logging in portal/sdk.

20181005: update Helped with exposing their HTTPS/SSL nodeport under OOM-1455: new node port for Portal’s HTTPS portClosed

Actively looking for resources to support the logging integration from Portal perspective.

High

High

Closed

  • Sep 27 2018: The logging work item is moved to Dublin - LOG-534: Log Spec Alignment: Portal 3 containersClosed

  • Aug 09 2018: @Michael O'Brien is looking into the portal/sdk and changes needed to performed from logging perspective. So that, the portal/sdk can be consumed by Policy, VID and Portal applications. As long as the logging is integrated in portal/sdk by API freeze, then the risk can be reduced from "High" to "Medium" and when the other teams consume the sdk, then the risk can be closed.

  • 20180726: Log team (Amdocs/AT&T) will work with portal and policy on deployment, spec alignment, aaf security (roles) -

LOG-534: Log Spec Alignment: Portal 3 containersClosed

for

Logging Casablanca Scope

3

Portal

6/27/2018

Policy, VID, AAI, SDC will be impacted under Security for AAF role management support required from portal/sdk due to lack of resources;

Policy, VID, AAI, SDC, Portal

Requesting open community for resources who can help with AAF role management and CADI integration in portal/sdk.

SDC, Policy, VID teams agreed that they maintain both HTTP and HTTPs ports open, so that the Portal is not completely broken.

High

Medium

Closed

  • Sep 21 2018: The current state is to integrate with AAF not via CADI but via REST as described below in detail. So the Portal team released portal/sdk version 2.4.0 for Casablanca and 2.5.0 along with CADI is deferred for Dublin release.

  • Sep 06 2018: Portal team working with AAF team (@Jonathan Gathman) and found few integration issues, however workaround is proposed and is being worked out.

    • Portal team still in the process of integration CADI framework in SDK to talk to AAF. We already have the capability to communicate with AAF for User Role Enforcement via REST.

    • To SDC, Policy, VID teams: We strongly recommend that you start upgrading the current version of SDK to 2.4.0 ( available in staging repository). Our team can help with the upgrade process. Once the CADI integration is fully implemented in 2.5.0 version, at that point it will be easier to just bump your POM to 2.5.0 from 2.4.0 as we are not anticipating any changes in the client code (by design).

      Please note. You are already aware of this but just to confirm:

      1. SDK will be used for User/Role enforcement only as it is doing today (when user accesses the application from browser). For Casablanca, we are not targeting System to System AAF Authorization.

      2. Certificate Management is the responsibility of individual Applications and not SDK.

  • Aug 09 2018: @SITHARAMAN T R from IBM stepped up requesting the details on AAF - CADI risk. Once the IBM resources analyze the work and commit for the ETAs on the AAF integration into portal/sdk, then the risk priority can be reduced from High to Medium.

    • Proposal: However, AAF-CADI integration is still a risk to complete in portal-sdk as the work has not yet started by any resources and it will be too late for policy/sdc/vid/aai teams to consume in the same Casablanca release. So the proposal is to target for portal-sdk to integrate in Casablanca depending on the available IBM resources (also depends on their expertise on AAF to pick up the work) and then plan to consume the integrated portal/sdk by other teams in next release (D release).



4

Portal

6/27/2018

OOM deployment is impacted if the DB scaling changes are not supported by Portal team; also the changes for simplification of etc/hosts entries impacts the OOM deployment which is not committed by Portal team so far due to lack of resources.

OOM, Portal

Requesting open community for resources who can help with deployment upgrades in Portal using OOM.

OOM team is looking into the OOM integration related Portal JIRA items, we may expect some support or contribution, but not committed yet.

Medium

Medium

Closed

  • Sep 27 2018: In Dublin release, OOM Team new plan is to address the common DB requirement as part of OOM-1209: Upgrade Portal to use common mariadb chartsClosed

  • Sep 06 2018: OOM team (@Prateek Khosla) working on OOM-1164: Create common mariadbClosed to address the a common Mariadb Charts that can be utilized by various applications (in this case Portal).

  • Aug 09 2018: OOM team is looking into the OOM integration related Portal JIRA items, we may expect some support or contribution, but not committed yet. After the commitment the risk can be reduced from High to Medium.

5

Policy

7/10/2018

Scale Out Use Case: Moving to Dmaap based API call to SO for Scale out. This API was for both VID and Policy to use instead of the REST call for simplicity.

Policy

It doesn't look like the SO team has any epic or user story for developing this work in their M1 planning template.

Fallback to using the current RESTful API to make the call - but this may not be sufficient to satisfy the Use Case.

High

High

The following JIRA was created to support SO side:

SO-734: SO must support vfModule scaleout requestsClosed

@Seshu Kumar Mudiganti - I hope you are aware of this work that your AT&T resources are doing.

@Pamela Dragosh - There is already a story SO-676 created for the Scaleout in Casablanca



Jul 26, 2018  Marking Closed per Gildas request during TSC.

6

OOM

7/24/2018

Helm Chart transfer of ownership to project teams.

Prevents project teams from owning helm charts for their components.

But more importantly, prevents CI/CD.

Need LF to complete work started in Beijing (ticket # 53102) that addresses:

  • trigger builds per project instead of all projects once daily

  • build related Helm charts per project

  • publish Helm artifacts to LF hosted Helm repo

OOM-752: LF support for Helm build job and repositoryClosed is blocking OOM-1242: Transfer helm chart ownership to remaining teamsClosed

Work has now started and meetings are ongoing - will be addressed shortly.



High

High

Assessed

CLAMP  

7/19/2018 

DCAE-DS service template and policy model not committed for Casablanca 

DCAE-DS/SDC, CLAMP

need to agree at least on a design during Casablanca release.



need to get commitment from SDC/DCAE-DS on development before  8/8, otherwise it will become a stretch goal for Casablanca

CLAMP will fallback on using just the blueprint for C.L distribution from DCAE-DS/SDC 

 High

 Medium

Closed

CLAMP will fallback on using just the blueprint for C.L distribution from DCAE-DS/SDC

CLAMP 

7/19/2018 

Policy team not yet sure to support the full api needed for Guard policy 

 CLAMP, Policy

 starting the work using the  not final API version given by policy team. guard API is a stretch goal for Casablanca

CLAMP will support scale out using Beijing policy api + new payload to allow injection of SO parameter manually in CLAMP UI.

Medium 

Low

Closed

@Pamela Dragosh - The policy team understands and has shared the scope of doing the guard work and is committed to doing the work.



9

APPC

7/25/2018

Decisions by team on ScaleOut use case for Casablanca is to have SO continue sending the configuration data via the payload, which means this is a test exercise for APPC. If  decision is reversed later, then we will need to reassess do-ability based on timeline.

APPC, SO

Stick to original decision to have SO continue sending configuration data in the ScaleOut request payload.

Stick to original decision to have SO continue sending configuration data in the ScaleOut request payload.

Low-Medium

Medium

Closed

1/8: Got confirmation that SO will continue sending the configuration data via the payload, which means this is a test exercise for APPC.

10

APPC

7/25/2018

The requirement for new traffic migration LCM API is not finalized

SDNC

CCSDK

Agreement with Ajay:  Traffic Migration use case will be planning: 1, Pull Ansible with RESTful  server docker image from CCSDK/SDNC, 2, APPC sends request to Ansible server with string of playbook name. 3, VNF owner writes all information in playbook. 4, Ansible server sends RESTful request to VNF in order to do the traffic migration use case.

Also in R3, APPC with owner of use case will define Traffic Migration LCM API, then implement the Traffic Migration LCM API in R4.



Low-Medium

Low-Medium

In Progress:

DistrubuteTraffic meeting notes

11

OOF

7/25/2018

Changes to the ONAP Resource Data Model in R3

OOF

While OOF doesn’t directly interact with SDC, it consumes the model information indirectly through SO/AAI (and passing the solution with some of this information back to SO), and will be impacted if the SO/AAI APIs (and key parts of the payload) change in R3. The chance of occurrence of the risk is low assuming that there will be no/minimal changes to the SO-OOF API and the VNF resource models in AAI when documenting the TOSCA models.



Low

Medium

Closed

12

SO

7/19/2018

ATT Ecomp 1806 code merge

SO

The code merge of the seed code of ATT 1806 is gettig delayed due to yang model changes. This if further delayed could be an issue for the SO deliverables for Casablanca.

If the code is not merged by July end time frame then we will need to drop the features for casablanca scope.

High

High

Closed

13

SO

7/24/2018

Scale out feature is risky from SO side

SO

The detailed design and the E2E flows are not yet clear and needs to be finalised at the earliest for this feature to go through

The Usecase may not be able to make it in Casablanca without this clarity being bought.

Medium

High

closed

14

VID

8/1/2018

Scale out requirements are not finalized

Scaling use case

Finalize requirements, or fallback to Beijing implementation of scaling out

Meeting today with Scott and Steve (SO)

Medium

Medium

Closed

15

VID

8/1/2018

Need for AAF certification to implement HTTPS support

AAF integration





Medium

Medium

Closed

16

CLAMP

8/10/2018

Need Policy API change to support Logging Specification 1.2

CLAMP, Policy

Try to get resources for the API change

CLAMP, Policy won't be 100% compliant with the spec, will still try to implement other parts

Medium

Medium

Closed

this policy api used by CLAMP won't satisfy the log spec given that Policy team doesn't have the resources to implement it.

17

Sparky-be

9/10/2018

Without AAF integration sparky can not launch on Https mode. Which means that portal also must launch in http to let sparky launch in http. This also means that CII requirements wont be meet by sparky

Sparky-be, AAI

Portal should be configured to launch using both http and https. When AAI-UI(sparky) needs to be launched portal should be opened on http mode.









18

Policy

9/19/2018

HPA Use Case

There were not enough resources given to support the HPA use case. Although Ericsson and AT&T covered the majority of the work, some parts of the development were not finished: CSIT, and S3P.

Policy

Utilize manual creation of policies as was done in Beijing.

Request Intel to provide resource to finish the work and drive testing for this.

High

Low



19

done

Logging

10/02/2018

Release multiple 6 jars/1 war in single repo - issues with all or nothing build

logging only

https://lists.onap.org/g/onap-discuss/topic/release_procedure_for_repos/26675742?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,26675742

This is the first release of logging with actual jar/war artifacts that may need to be in a 1:1 artifact/repo structure instead



work with LF to manually release each artifact by adjusting the pom structure for each artifact

medium

medium (our artifacts jars/war/docker/kubernetes) are for demo only and not used by any team in onap yet

LOG-715: Release Logging jars/wars by RC0Closed