...
REQ# | Description | TSC Priority | DCAE Commit Status | DCAE Impact Assesment | DCAE JIRA # |
REQ-380 | ONAP container repository (nexus) must not contain upstream docker images | MUST HAVE | YES | Add explicit references to dockerhub or nexus to all images Commitment based on AT&T | DCAEGEN2-2322 |
REQ-379 | ONAP projects must use only approved and verified base images for their containers | MUST HAVE | Stretch-goal | HIGH RISK - LIST NOT CONFIRMED + MULTIPLE DCAE COMPONENT IMPACT Commitment : Multiple companies | DCAEGEN2-2323 |
REQ-374 | ONAP shall use STDOUT for logs collection | PTL | Strech-goal | Multiple platform components impacts (CBS, DH, PH, Cloudify not complain). May need a generic way to map filebeat container o/p into std out. (Long- Stretch goal depending on OOM team support | DCAEGEN2-2324 |
REQ-373 | ONAP must complete update of the Python language (from 2.7 -> 3.8) | MUST HAVE | YES | Per TSC 2.7->3.8 important; 3.7-3.8 (nice to have) Except Cloudify and SNMPTrap - all other DCAE components will be migrated to 3.8. SECCOM approved exception on 7/3 (refer jira) Commitment based on T-Mobile | DCAEGEN2-2292 |
REQ-366 | Containers must crash properly when a failure occurs | MUST HAVE | YES | MEDIUM RISK - Need further assessment on DCAE components impacted Commitment based on Ericsson? | DCAEGEN2-2326 |
REQ-365 | Containers must have no more than one main process | MUST HAVE | YES | MEDIUM RISK - Need further assessment on DCAE components impacted Exception required for Cloudify due to upstream dependency. Commitment based on Ericsson? | DCAEGEN2-2327 |
REQ-364 | Replace NodePorts with ingress controller as a default deployment option | PTL | Strech-goal | Need to be create DCAE jira if OOM team support is confirmed (may just need to update your tests to use urls instead of IPs) Resource TBD | NA |
REQ-361 | Continue hardcoded passwords removal | MUST HAVE | YES | 1) Evaluate certInitializer integration impact for DCAE-tls init container Commitment based on AT&T? | DCAEGEN2-1972 |
REQ-360 | Application config should be fully prepared before starting the application container | PTL | NO | Okay for service components (as CBS is used); Platform component should be okay. MOD - to be verified (possibly MOD/Nifi container) + Dashboard Commitment based on impacted list and OOM team support | NOT Committed |
REQ-358 | No root (superuser) access to database from application container | YES | Strech-goal | Need further assesment. Current list of component impact - Dashboard/Inventory/TCA-gen2/heartbeat/PM-Mapper/DL-feed/Son-handler Commitment based on WIPRO? | DCAEGEN2-2329 |
REQ-351 | ONAP must complete update of the java language (from v8 -> v11) | MUST HAVE | YES | MEDIUM RISK : Due to number of DCAE components impacted. Some MOD components will need exception (due to NiFI upstream dependency) Commitment : Multiple companies | DCAEGEN2-2223 |
REQ-350 | Each ONAP project shall improve its CII Badging score by improving input validation and documenting it in their CII Badging site. | PTL | Strech-goal | DCAEGEN2-2332 | |
REQ-349 | Each ONAP project shall define code coverage improvements and achieve at least 55% code coverage | MUST HAVE | YES | Already complaint for Frankfurt components; new component/enhancement to adhere Commitment : Multiple companies | DCAEGEN2-2333 |
REQ-323 | Each project will update the vulnerable direct dependencies in their code base | MUST HAVE | YES | Commitment : Multiple companies | DCAEGEN2-2242 |
...