Recording:
Recorded Session 2018-10-17 Part 1
Recorded Session 2018-10-17 Part 2
Attendees:
START RECORDING
Time | Title | Responsible | Notes | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Weekly Developer's Call | James Forsyth | James Forsyth will create a new poll: https://www.timeanddate.com/ and send link to new poll to the onap-discuss list | ||||||||||||||
CII Badging | Fill out CII Silver Badging Template. We have not committed to a silver badge, but the community wants us to fill it out to the best of our ability. | |||||||||||||||
IQ Vulnerabilities | Thank you for providing the feedback for AAI known vulnerabilities. I do agree with your comments on the wiki, however I would like to encourage you to provide your feedback for the remaining vulnerabilities that are available on the Nexus-IQ but unfortunately not included on your Wiki. If needed, we can have a short call together to review remaining vulnerable components (I hope the list is complete): tomcat-catalina : 8.5.23 tomcat : zip : 8.5.23 tomcat-util : 8.5.23 tomcat-websocket : 8.5.23 netty-all : 4.1.0.CR3 cxf-rt-transports-http : 3.2.2 Update 18th Oct:
| |||||||||||||||
Dublin 5G Use Case | Dublin AAI changes in support of 5g use cases. Link for presentation: 5G - PNF Plug and Play (Casablanca carry-over items)
| |||||||||||||||
Schema Service | Discuss about the Schema Microservice 11th Oct: Use Cases Case Proposals for Dynamic AAI Schema Service ProposalChanges | |||||||||||||||
Jackson Replacement | Security subcommittee has recommended teams move away from jackson, and will be presenting alternatives and asking for an assessment from each project. Our team will need to do an analysis - this would not be trivial, especially given how many of our repos are impacted. As of now, this would be a very high LOE for the team, we need to understand what the recommendation from the SECCOM is before we can provide better details on what the LOE would be. Updated: Using Google gson vs FasterXML Jackson 10th Oct: Present to Seccom meeting 15th Oct: Present to PTL meeting | |||||||||||||||
Release Candidates | RC0 is 11 October. James Forsyth is going to start releasing artifacts today, 26 Sep and roll through the set of repos, replacing the -SNAPSHOT dependencies with the release version. | XSD generation | Multi-oxm. There is limited auditing which shows warnings, but we might want to review the requirements around multi-oxm to prevent collisions. | |||||||||||||
Support for 2 OOM deployment types | Motivation: Decrease the resource footprint for A&AI (ONAP) deployments Idea: we could support 2 different deployments 1. full (normal) deployment and 2. barebones deployment. The point of the "barebone" deployment would be to deploy only the essential services necessary for proper functioning of A&AI (leaving out services like cacher, sparky, graphadmin, having 1 cassandra node instead of 3 or 5 etc). In order to reduce hardware/cloud costs (mainly the memory footprint) it could be beneficial to support a minimalistic A&AI deployment. | |||||||||||||||
AAF and TLS in Casablanca | The AAI team needs a strategy for integrating with AAF and AAF certificate manager, including potentially using 2-way TLS in R3. - AAI-32Integrate with AAF Open Update 6 June: Andy Baxter provided presentation Update 10/17: It works! First successful deployment of the AAI profile in OOM. Need to make it permanent once AAF is stable.
| NexusIQ | Issues need to be remediated or have a plan before M4. | |||||||||||||
5G PNF Software upgrade | We have a 5G related functionality in Change management, 5G PNF Software upgrade. https://wiki.onap.org/display/DW/5G+-+PNF+Software+Upgrade. Right now, PNF software version is modeled and accepted in SDC, and also approved in Modeling subcommittee and TSC.https://wiki.onap.org/display/DW/TSC+2018-07-26+Meeting+Agenda. (Modeling report) We are not familiar with A&AI. The target of this functionality is to update PNF Sw version when upgrade completion with specified pnfid. Could you and your team give us some help on this? 1) Is there any available APIs provided by AAI for this? 2) If yes, can you give me some details on it. If not, could you and AAI team provide support in Casablanca? We would like to provide contributions if needed. wangyaoguang to follow-up with SDC team and send conclusion results to James Forsyth | |||||||||||||||
PNF Plug and Play w/ A&AI in Casablanca | PLUG AND PLAY USE CASE WIKI: 5G - PNF Plug and Play A&AI ENTRY FOR PNF PnP: 5G - PNF Plug and Play#5G-PNFPlugandPlay-STAGE2-PNFA&AIENTRYUSEDBYPNP There are a number of A&AI topics:
|
D
CII Badging |
Wiki page with instructions on the process: CII Badging Program |
We have two CII Badging submissions currently active on CII Best Practice Badge Program: 1) AAI and 2) Sparky-fe
The team needs to decide how to split up the project - AAI is too big to fit under a single project. James Forsyth proposes the following breakdown for CII badging:
1) AAI core (REST providers and common code): James Forsyth - Project created, ongoing progress.
- aai-common
- aai-resources
- aai-traversal
- gizmo
- champ
- graphadmin
- event-client
2) GUI - Arul Nambi - Need to include more repos to the current "front-end" project
- sparky-fe
- sparky-be
- data-router
- search-data-service
- router-core
3) Model loader - Tian Lee / Mark Tooski- Need to create projects
4) ESR - Zi Li - Project is created, still ongoing process to meet all the requirements
- esr-gui
- esr-server
The idea is that we assign one key person who will be responsible for getting the badge on their set of repos. This is just a suggestion, and I invite discussion, re-categorization, and complete rewrites. Owners of the sets can decide whether it makes sense to group sets into one CII badging request, or split. Every repo above must be included in 1 CII submission.
23 Feb:
Need readout next week per repo as to where we stand and how we can close before M4 (3/29).
Zi Li and Arul Nambi will work together to see if same kind of scan will work for both components
2 March: SONAR will not report on java script based so those need to be run manually via another tool locally.
Update 3/8: Urgent - need to document our plan and have a commitment to get to 50% coverage by m4. Preferably sooner to prevent giving your PTL a heart attack.
Offending repos:
aai-gizmo: 9.14%- aai-common: 41.9% - will have by code freeze, Venkata Harish Kajur targets 23 March
- router-core: 37.0% - Francis Paquette will have by code freeze
ALSO: if your repo is part of Beijing but is NOT part of the SONAR scan, (Venkata Harish Kajur, graphadmin leaps to mind) please fix that ASAP
Update 9 March: Steve Blimkie needs James Forsyth’s signoff on moving small libraries within event and rest clients to aai.core; Spike and Gap not used in Beijing; Tian Lee to create project for Model loader; may need secondary URL describing model-loader but point to aai.core.
Gizmo – Giulio Graziani requesting adding it to his team's work list.
Common – Venkata Harish Kajur working on
Router-core – AMDOCs to work
Update 16 March: James Forsyth to verify on PTL call if all vulnerabilities 4 or above need to be cleared in order to pass.
Update 21 March: Title of project must have ONAP as the first word; Mark Tooski to pickup Tian Lee's action items while he is out.
Update 4 April: We are at 97%
Update 13 June: CII Badging level for Casablanca to move from Passing to Silver
Update 27 June: Team would like to adopt name of repo included in the label
Update 18 July: Activity will continue in Casablanca, same people will continue to report.
Need updates on the CII badging for ESR |
Open Action Items
New Action items