Versions Compared

Old Version 6

changes.mady.by.user James Forsyth

Saved on

compared with

New Version 7

changes.mady.by.user James Forsyth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Practice AreaCheckpointYes/NoEvidencesHow to?
SecurityHas the Release Security/Vulnerability table been updated in the   protected Security Vulnerabilities wiki space?Yes

Table in in the protected Security Vulnerabilities wiki space   corresponds to the latest NexusIQ scan

/wiki/spaces/SV/pages/16089295

PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off?YesRequirements and test cases for transport layer encryption have been   created for all interfaces not currently supporting encryption.
Has the project documented all open port information?Yes

Has the project provided the communication policy to OOM and Integration?Yes
 Recommended Protocols
Do you have a plan to address by M4 the Critical  and High vulnerabilities   in the third party libraries used within your project?Yes

Jira tickets open for each one that can be upgraded; will track on wiki as appropriate

/wiki/spaces/SV/pages/16089295

  • Replace vulnerable packages
  • Document false positives in the release notes if it is not possible to replace the vulnerable packages
  • Document vulnerabilities inherited in dependencies: include the name of the dependency and any mitigations that can be implemented by an ONAP user
Architecture


Has the Project team reviewed the APIs with the Architecture Committee (ARC)?Yes

Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough.

Is there a plan to address the findings the API review?N/ALink to planThe plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval?YesNAIn the case some changes are necessary, bring the request to the TSC for review and approval.

Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone?

YesWe will not implement the change in the PNF object key from pnf-name to pnf-idCritical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.
Provide link to the API Documentation.YesAAI REST API Documentation - Dublin
Release ManagementAre committed Sprint Backlog Stories been marked as "Closed" in Jira board?WIPProvide Link to Project backlog
Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira?WIP

Have all findings from previous milestones been addressed?N/AProvide link to JIRA findings
DevelopmentIs there any pending commit request older than 36 Business hours in Gerrit?No

Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)No

Goal: 55% for Incubation project in the current release

Jira Legacy
serverSystem Jira
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyAAI-2220


Sonar

Guidance on Code Coverage and Static Code Analysis

Tools: Sonar
Do you have a plan to address by M4 the Critical  and High vulnerabilities in the third party libraries used within your project?YesRedundant QuestionEnsure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.

Are all the Jenkins jobs successfully passed ( Merge-Jobs)?

YesProvide link to evidence
Are all binaries available in Nexus?YesProvide link to evidence
Integration and Testing

Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins?

YesProvide link to evidence
Has the project code successfully passed the Daily Build process?Yes

Goal is to ensure the latest project commit has not broken the Integration Daily Build


Has the project passed the Integration Sanity Tests?

No

Jira Legacy
serverSystem Jira
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyAAI-2224

We are confident that we fix for this AAI-2224, going thru the release process of a new docker image

Jira Legacy
serverSystem Jira
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyAAI-2222

AAI-2222 is waiting for OOM gerrit +2 and merge: https://gerrit.onap.org/r/#/c/79705/

Integration sanity tests in Dublin Release cover:

  • ONAP deployment
  • All components health check
  • VNF onboarding and service creation for vFW use case
  • Model distribution for vFW
  • vFW instantiation
  • vFW closed loop
  • vFW deletion

No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1

No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues


Modeling

Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)?

YesAAI REST API Documentation - DublinIt is a non-blocking item for M3 - The Modeling team is gathering information

...