Practice Area | Checkpoint | Yes/No | Evidences | How to?
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes

Table in the protected Security Vulnerabilities wiki space:

/wiki/spaces/SV/pages/16089316


PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes

NBI registers APIs into MSB which provides HTTPS for external access.

Internal HTTPS has not been prioritized on DUBLIN

Note:

Check and update MSB registration

Jira: EXTAPI-216

Test (needs MSB and a deployed instance; tests will be provided as a Postman collection)

Jira: EXTAPI-215


Has the project documented all open port information? | Yes

31130 => 8080

See OOM NodePort List

Update OOM NodePort List
Has the project provided the communication policy to OOM and Integration? | TODO
Recommended Protocols
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | Yes

Mostly done already:

Security threats reduced from 11 to 3 between Casablanca and the Dublin master branch.

  • Replace vulnerable packages
  • Document false positives in the release notes if it is not possible to replace the vulnerable packages
  • Document vulnerabilities inherited in dependencies: include the name of the dependency and any mitigations that can be implemented by an ONAP user
  • Ensure by M4 that the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerabilities. Open the Nexus-IQ report for the details on each repository
Architecture


Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes

Architecture walk through to understand how each project contributes on Release Use Case. ARC to organize the walk through.

Is there a plan to address the findings of the API review? | TODO Yes

Jira: EXTAPI-217


The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.
Does the team clearly understand that no change in the API definition is allowed without formal TSC review and approval? | Yes
In case some changes are necessary, bring the request to the TSC for review and approval.

Are there any changes in the scope, functionalities, deliverables, dependencies, resources, APIs, or repositories since the M1 milestone?

No
The critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.
Provide link to the API Documentation. | Yes | https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/offeredapis/offeredapis.html
Release Management | Have committed Sprint Backlog Stories been marked as "Closed" in the Jira board? | NA

Backlog not used, only issue tracking

https://jira.onap.org/secure/RapidBoard.jspa?projectKey=EXTAPI&rapidView=43&view=planning


Have all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira? | NA | Backlog not used, only issue tracking
Have all findings from previous milestones been addressed? Provide link to JIRA findings | NA | No issues
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | https://gerrit.onap.org/r/#/q/project:externalapi/nbi+status:open+label:verified+-is:draft+-label:Code-Review%253D-1+AND+-label:Code-Review%253D-2++AND+is:mergeable+age:1week

Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2  AND is:mergeable age:1week


Has the project team reached the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | Yes

Yes Coverage 77.00%

https://sonar.onap.org/dashboard?id=org.onap.externalapi-nbi%3Anbi-rest-services

Sonar

Guidance on Code Coverage and Static Code Analysis

Tools: Sonar

Have all the Jenkins jobs passed successfully (Merge-Jobs)?

Yes

Java

https://jenkins.onap.org/job/externalapi-nbi-master-merge-java/



https://jenkins.onap.org/view/Merge-Jobs/

Are all binaries available in Nexus? Provide link to evidence | Yes

Java

https://nexus.onap.org/#nexus-search;quick~nbi

docker

https://nexus3.onap.org/#browse/search=keyword%3Dnbi


Integration and Testing


Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins?

It should include at least 1 CSIT that will be run on

Lab-xxx-OOM-Daily Jenkins Job

Provide link to evidence

No

Not implemented in OOM

Only one test currently, running outside the OOM context

https://jenkins.onap.org/view/CSIT/job/externalapi-nbi-master-csit-healthcheck/


Has the project code successfully passed the Daily Build process? | Yes

Both Java and Docker daily builds

https://jenkins.onap.org/view/externalapi/

Goal is to ensure the latest project commit has not broken the Integration Daily Build 

Has the project passed the Integration Sanity Tests?

No | Not implemented in NBI

Integration sanity tests in Dublin Release cover:

  • ONAP deployment
  • All components health check
  • VNF onboarding and service creation for vFW use case
  • Model distribution for vFW
  • vFW instantiation
  • vFW closed loop
  • vFW deletion

No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1

No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues

Modeling

Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)?

Yes

Each API resource is documented with Swagger, as JSON or YAML, and each data model is also described as PlantUML and XML schemas.

Here are the master Read the Docs sources (not yet built and available online):

https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_serviceOrder

https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_hub

https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_serviceInventory

https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_status




It is a non-blocking item for M3 - The Modeling team is gathering information
