...
| Ref | Blocking? | Status | Component | Description/Notes | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2 | Open | All | 08/28: Disable HTTP port altogether and only provide HTTPS endpoints for all the containers. Dependency on AAF cert based auth and how it will be mitigated. 09/25: This effort for HTTPS-only will be pursued in Frankfurt 11/20: double check with SECCOM if HTTP needs to be completely removed or can be available using a flag for lower environments like dev - Mandar to check 12/3: Mandar to send an email to onap-discuss indicating the plan to switch to HTTPS port and clients to update their configuration accordingly. 12/11: Email sent to onap-discuss. For BC and DR. Mandar to email the DCAE PTL to make them use HTTPS. 01/22: DCAE confirmed they will not be able to commit to completely migrated to HTTPS DMaaP endpoints for Frankfurt. They will try to cover as many components of theirs as possible with Frankfurt and continue with the rest in the subsequent releases. 01/29: This item to be deferred to the next release until DCAE is able to migrate all their apps to use HTTPS 02/12: Security committee asked to disable HTTP ports 02/19: Fiachra is working on closing the HTTP port for Data Router 03/11: External HTTP exposure should not be there anymore for any of the DMAAP components | |||||||||||||||||
| 3 | OpenClose | All | 11/6: Java 11 upgrade discussion. Individual components will try this out and see what issues they run into. 11/7: DR (Fiachra) tried and is seeing mostly working good for the core code, but running into issues with Mockito. Will continue investigation. 11/13: waiting on the SECCOM recommendation to finalize the Java version to be used (12/13) 11/27: Waiting on SECCOM to release the custom image using Alpine and Java 11. 12/3: Still waiting on image from SECCOM 12/6: meanwhile, I needed a Jira so I created Epic
01/22 - BC got to the point of deploy to Windriver when it went into maintenance. Will continue working. For MR, the Kafka and Zookeeper public images do not have Java11 images yet. DR will take a look at it. 02/05 -
03/11 - DMaaP-BC already upgraded. DMaaP-MR and DMaaP-DR will be addressed in Guilin. | |||||||||||||||||
| 6 | Open | Containers configured per secure recommendation -
02/05 - Implement suggestions from the pdf document attached in the Jira above to all the docker containers. Target M4. 03/11 - Section 4 requirements are implemented already. Section 5 requirements are for runtime environment, which is kubnetes. Most of the requirements are part of kubernetes runtime. | ||||||||||||||||||
| 7 | Open | All | 3/11 - SonarCloud migration for 0% coverage fix to be done asap, but no later than RC0. |
Closed Items:
| Ref | Blocking? | Status | Component | Description/Notes | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Closed | All | 07/17: OOM are proposing a global AAF flag
09/25: this is tied with the HTTP disabling item below. The HTTPS-only exposure will be pursued in Frankfurt release 12/3: Mandar to send an email to onap-discuss indicating the plan to switch to HTTPS port and clients to update their configuration accordingly. 12/11: Email sent to onap-discuss. For BC and DR. Mandar to email the DCAE PTL to make them use HTTPS. 01/22: There is no global level AAF flag in OOM. There will be application flag in the charts. 01/29: Closing this as the flag at DMaaP level will be used. There is no global level AAF flag | |||||||||
| 4 | Closed | MR | 11/6: dmaap-kafka coverage seems to have dropped below 55% at 52.5%. Need to bring it up to at least 55% to meet Frankfurt target 11/27: This is completed. Coverage for dmaap-kafka is now over 60% | |||||||||
| 5 | Closed | All | 11/18 - Helm charts migration to individual projects work has resumed. DMaaP is in the list of projects being worked on currently. OOM-1249 is the corresponding ticket. 11/27 - Helm chart templates from OOM team does not seem to be available yet. 12/3 - waiting on OOM team to complete the templates. 01/22 - This is being de-scoped from Frankfurt per comment from Mike in
|
...