...
Jira No | Summary | Description | Status | Solution | Latest feedback received from Integration team | Virtual ONAP event |
| |
---|---|---|---|---|---|---|---|---|
PTLs meeting update | PTLs meeting (held on April 13th) update: -CLI closed 3 http ports and one of the CVEs and running as root -A&AI should Close 15 issues -AAF – still one issue open -Optimization – 1 running as root – under fix - submitted -MUSIC – https port exposed – delivered -Code coverage – 5 exceptions not reaching 55% (all with waiver granted: AAF no resouces for side car, Policy engine will be excluded next release, OOF – no resources) -API documentation presentation by Andy Mayer | Scorecard for requirement req-223 | David proposed to descope this requirement. Progress is minor but SECCOM porposes to keep this requirement as in scope. | Tony - to update scoorecard with green status and comment on minor but positive direction New Notary v2 project - address container image signing | Tero shared info about this new project. In general it aims at validation of container images. Notary v2 use cases: https://github.com/notaryproject/requirements/blob/master/scenarios.md Industry telcom part is missing as contributor. According to lastest ETSI NFV specs containers could be also signed by the operator. OCI artefacts project aiming for modyfying image registry so that helm charts could be stored. | |||
TSC logging presentation – discussion point | 20_04_30_ONAPLoggingGuilin_V1.pptx | ONAP project use of Logging | TSC decision is needed, so proposal to be sent to TSC. Comments collection by 29th of April COB. | |||||
Hardcoding certificates in docker images | PKI - public certificate that is signed by the Certificate Authority. AAF contains hardcoded trust store. According to Krzysztof this is a security issue as root CA in ONAP is already compromised. By default none of the ONAP images should trust that CA. Only If user is deploying ONAP for testing, in lab environemnt, it is fine to use that. A lot of components use AAF hardcoded certificate. Trust store that is in the AAF agent image should be removed from that image and placed in the OOM as a resource and delivered in the image at the deployment time. | We need to have an agreement from projects. This proposal to be presented at the PTLs call. | ||||||
vF2F summary | We discussed about removing passwords in Guilin release, On eof the issues is removing hardcoded certificates and obviously passwords to unclock those certificates. We decied continue using AAF as an official way of retrieveing certificates. but we strongly recommen using of common template intead of doing helm chart on your own so that is it much easier to switch taht in the future, if we decide to do so. Good perception of package upgrade strategy. Jira tickets under creation. CMPv2: several mechanisms to retrieve certificats (one internal and one external). Planning to integrated CMPv2 with DCAE. CErtificate update use case will be added. Enhancements to the Client like configurable format of the output artefacts: P12 and time format support. SDNC update for 3 patches merge on CMPv2. CNTT allignment meeting. CIS benchmark test shared. | Jira tickets under creation. Adam to help Gerard. | ||||||
Synch meeting with Requirements Subcommittee | Synch meeting with Requirements Subcommittee – we missed the one on 27th of April to present SECCOM requirements for Guilin release – next meeting is sccheduled on May 11th. CMPv2 requirements will be presented by Pawel on to the Requirements Subcommittee. | |||||||
CII Badging requirement | Jira tickets to be created info to be shared with Krzysztof. | |||||||
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 28th 5th OF APRILMAY'20 as on 21st we have vF2F meetings. |
View file | ||||
---|---|---|---|---|
|
View file | ||||
---|---|---|---|---|
|
...