Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This centralized page, for all Honolulu projects, is aimed at identifying the risks as they are foreseen within the release life cycle.

A Risk that materialized becomes an Issue.

Status:

  • Identified: a risk that has been identified, but has not yet been analyzed / assessed yet 
  • Assessed: an identified risk which currently has no risk response plan 
  • Planned: an identified risk with a risk response plan
  • In-Process: a risk where the risk response is being executed 
  • Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
  • Not occurred: a risk that was identified but that did not occur 
  • Rejected: created and kept for tracking purposes but considered not to be used yet


Risk IDProject Team or person identifying the riskIdentification DateRisk (Description and potential impact)Team or component impacted by the risk

Mitigation Plan

(Action to prevent the risk to materialize)


Contingency Plan - Response Plan

(Action in case of the risk materialized)

Probability of occurrence (probability of the risk materialized)

High/Medium/Low

Impact

High/Medium/Low

Status
1OOF

 

Meeting the following requirement for CMSO - Upgrade vulnerable packagesOOF - CMSOWill be taken up along with the feature implementation if it is required by the use casesProject team will try to take up activity if no new feature is plannedLowLowIdentified
2UUI

 

usecase UI dockers contain GPLv3

Jira Legacy
serverSystem JiraONAP JIRA
serverId4733707d425b2b0a-2057557c-3a0f3c0c-ae5eb515-4fd8aff50176579789cceedb
keyUSECASEUI-494

UUIWill take active action to contact Jira owner and find out witch package contains GPLv3Make the current dependencies work well and keep this problem to next releaseHighLowIdentified
3Policy

 

Some package upgrades (e.g., CDS) may require significant rework

Jira Legacy
serverSystem JiraONAP JIRA
serverId4733707d425b2b0a-2057557c-3a0f3c0c-ae5eb515-4fd8aff50176579789cceedb
keyREQ-439

PolicyWill continue to work on upgradesObtain a waiver for the problem packagesMediumMediumIdentified
4SDC

 

Some package upgrades may require significant rework

Jira Legacy
serverSystem JiraONAP JIRA
serverId4733707d425b2b0a-2057557c-3a0f3c0c-ae5eb515-4fd8aff50176579789cceedb
keyREQ-439

SDCWill continue to work on upgradesObtain a waiver for the problem packagesMediumMediumIdentified
5AAI

 

Cannot upgrade to Java 11 for modules dependent on Java 8 only supported Janusgraph

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)  

AAINothing we can really do given the current constraints unless JanusGraph updates to working with Java 11Obtain a waiver for the mS with the core tech of JanusgraphHighLowIdentified
6DCAE

 

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)  

Due to upstream dependency on NIFI project, some of MOD (NiFI) components (designtool/gen-processor/nifi-registry) will remain in java 8

DCAEMigrate/replace MOD NiFI components with custom containers for future releaseRequest waiver (discused with SECCOM and they are okay with filing exception for NiFI components)HighLowIdentified
7DCAE

REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8

With Cloudify 3.x support releated by Cloudify under 5.1.1, DCAE CM pod upgrade is targetted for H release. This will be major upgrade requiring extensive regression. Marking this risk due to resource/time constraint. 

DCAEBased on severity of issue - we'll assess if new containers can be released for H release or if need to be withheld.If switching to Guilin version (old CM 4.6 version) - will need waiver for Cloudify container and pluginsMediumHighIdentified
8CPS

 

Upgrade vulnerable packages, which all are Transient dependenciesCPSWorking with SecCom to resolve high level vulnerabilitiesObtain a waiver for the problem packagesMediumLowIdentified
9DMaaP Message Router

 

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)  

Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints.

DMaaPSource some more resources for the project to address this issue.Obtain a waiver for the problem packagesHighLowIdentified
10AAI

 

Upgrade vulnerable packages, which all are Transient dependenciesAAISource some more resources for the project to address this issue.Obtain a waiver for the problem packagesMediumLowIdentified
11VID

 

Upgrade vulnerable packages, which all are Transient dependenciesVIDSource some more resources for the project to address this issue.Obtain a waiver for the problem packagesMediumLowIdentified
12MultiCloud

 

REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

MultiCloud have updated to v3.7, which is the highest version that onappylog can support

MultiCloudRemove the dependency of onappylogObtain a waiver for the impacted componentsMediumLowIdentified
13Modeling

 

REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

Modeling/etsicatlog can support V3.7, which is the highest version that onappylog can support

ModelingRemove the dependency of onappylogObtain a waiver for the impacted componentsMediumLowIdentified
14VFC

 

REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

VFC can support V3.7, which is the highest version that onappylog can support

VFCRemove the dependency of onappylogObtain a waiver for the impacted componentsMediumLowIdentified






























...