Support for the Multi Tenancy in ONAP

Key Contacts - Seshu Kumar Mudiganti Olivier Phenix

Guilin Proposed Requirements - Multi-tenancy v2.2.pdf

Executive Summary - Provide the multi tenant non-functional support in ONAP

As a starting point tenant wise runtime operations could be differed for each tenant.

Business Impact - Enables operators and service providers to use leverage ONAP

Business Markets - All operators and service providers can leverage the multi-tenancy functionality of ONAP

Funding/Financial Impacts - Reduction in operations expense from using industry standard Interfaces.

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

Documenting ONAP APIs

Key Contacts - Andy Mayer

Guilin Proposed Requirements

Also see: Developing ONAP API Documentation

Executive Summary - Improve ONAP API Documentation:

Developer Friendly
Non-Developer Friendly
Easy to Find & Easy to Navigate
Common and Uniform Documentation Structure and Approach
Provides Information on Using the API (e.g., quick start)
Try It For Yourself (TIFY) Examples

Proposed non-functional requirements for Guilin release:

All components should place externally facing (i.e. interfaces exposed by the ONAP component to either other ONAP components or components external to ONAP) API definitions (e.g. Swagger) in a common path within their Gerrit/Git
Suggested Path: <Component>/docs/api/swagger/
Apply ReDoc to Swagger and place HTML in Readthedocs for the release
Apply Minimum (Phase 1+) swagger guidelines
1. See: Proposed Phase 1+ OpenAPI 2.0 / Swagger Style Guide
2. Use the common insert for the info section (e.g., license info, contact info, etc): Swagger Insert Sample for Info Section

Related JIRAs under the Documentation project for the API Documentation non-functional requirements:

Epic: https://jira.onap.org/browse/DOC-608

User Story: https://jira.onap.org/browse/DOC-609

User Story: https://jira.onap.org/browse/DOC-610

User Story: https://jira.onap.org/browse/DOC-611

Business Impact - Enables developers, operators and service providers to use leverage ONAP; Improve integration velocity for API client developers; Ease development handoffs;

Business Markets - All developers,operators and service providers can leverage ONAP APIs

Funding/Financial Impacts - Reduction in development and integration expense from using well defined open Interfaces.

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP installation shall be deterministic

Key Contacts - Alessandro D'Alessandromarco.signorelli@telecomitalia.it

Executive Summary - the result of ONAP installation is not yet deterministic. That also refer to the re-installation of single ONAP component.

Proposed non-functional requirements for Guiling release:

ONAP installation shall be determinstic at k8s level with 99% success rate (e.g. all POD are up and running)
ONAP installation shall be deterministic at functional level with 97% success rate (e.g. all functional modules are up and running, APIs are responsiveness, etc)
ONAP installation shall be determinstic at service level with 95% success rate (e.g. a service can be designed, distributed and deployed successfully)
same requirements when a single functional module is re-installed

Business Impact - Enables operators and service providers opex saving

Business Markets - All operators and service providers can leverage the benefit of a deterministic installation

Funding/Financial Impacts - Reduction in operations expense

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP projects shall upgrade all outdated, vulnerable direct dependencies in their code base

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects shall reduce the risks associated with software vulnerabilities in the ONAP code base by upgrading all outdated, vulnerable direct dependencies in their code bases following the recommendations of SECCOM. The project and repo specific recommendations are provided in the Security Vulnerability space.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators and service providers can leverage the of fewer vulnerabilities in the open source dependencies in ONAP

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP projects shall define code coverage improvements and achieve at least 55% code coverage

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - Each project written in Java, Python or Javascript must provide the planned percent improvement in code coverage by M2 and meet the planned improvement by M4. Code coverage for each project must be at least 55% of the code base.

Business Impact - Improves the security posture of ONAP by improving the testing suite.

Business Markets - All operators and service providers can use the automated test suites in their own environments

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP shall increase the number of security tests performed during integration testing

Key Contacts - Amy Zwarico Krzysztof Opasiak Sylvain Desbureaux

Executive Summary - Integration testing shall continue to test for unsecure communication (HTTP) and vulnerable ports (e.g., JDWP). Integration shall add tests to ensure that project containers use the versions of Java, Python, Linux, Docker, database and utilities specified in Guilin versions.

Business Impact - Improves the security posture of ONAP by using current versions and simplifies the deployment.

Business Markets - All operators and service provider.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP shall increase the number of Docker Benchmark tests

Key Contacts - Amy Zwarico Krzysztof Opasiak Sylvain Desbureaux

Executive Summary - Integration testing shall include tests that a non-root user for the container has been created, containers use only trusted base images (versions specified on Guilin versions), and HEALTHCHECK instructions have been added to container images.

Business Impact - Improves the security posture of ONAP by hardening containers.

Business Markets - All operators and service provider.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP must complete update of the java language (from v8 -> v11)

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects using java shall reduce the risks associated with no regular support for java v8 software as it causes increase of usage risk, as recommended by SECCOM.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators, service providers and entities using ONAP.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP must complete update of the Python language (from 2.7 -> 3.8)

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects using Python shall reduce the risks associated with no community support for Python 2.7 software as it causes increase of usage risk, as recommended by SECCOM.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators, service providers and entities using ONAP.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP shall use STDOUT for logs collection

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects should use a common place for logs data - all applications should generate logs that can be collected by Kubernetes in STDOUT, as recommended by SECCOM.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators, service providers and entities using ONAP.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

Guilin release - non-functional requirements proposed list

Support for the Multi Tenancy in ONAP

Key Contacts - Seshu Kumar Mudiganti Olivier Phenix

Executive Summary - Provide the multi tenant non-functional support in ONAP

Business Impact - Enables operators and service providers to use leverage ONAP

Business Markets - All operators and service providers can leverage the multi-tenancy functionality of ONAP

Funding/Financial Impacts - Reduction in operations expense from using industry standard Interfaces.

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

Documenting ONAP APIs

Key Contacts - Andy Mayer

Executive Summary - Improve ONAP API Documentation:

Proposed non-functional requirements for Guilin release:

Business Impact - Enables developers, operators and service providers to use leverage ONAP; Improve integration velocity for API client developers; Ease development handoffs;

Business Markets - All developers,operators and service providers can leverage ONAP APIs

Funding/Financial Impacts - Reduction in development and integration expense from using well defined open Interfaces.

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP installation shall be deterministic

Key Contacts - Alessandro D'Alessandromarco.signorelli@telecomitalia.it

Executive Summary - the result of ONAP installation is not yet deterministic. That also refer to the re-installation of single ONAP component.

Business Impact - Enables operators and service providers opex saving

Business Markets - All operators and service providers can leverage the benefit of a deterministic installation

Funding/Financial Impacts - Reduction in operations expense

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP projects shall upgrade all outdated, vulnerable direct dependencies in their code base

Key Contacts - Amy Zwarico Paweł Pawlak

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators and service providers can leverage the of fewer vulnerabilities in the open source dependencies in ONAP

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP projects shall define code coverage improvements and achieve at least 55% code coverage

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - Each project written in Java, Python or Javascript must provide the planned percent improvement in code coverage by M2 and meet the planned improvement by M4. Code coverage for each project must be at least 55% of the code base.

Business Impact - Improves the security posture of ONAP by improving the testing suite.

Business Markets - All operators and service providers can use the automated test suites in their own environments

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP shall increase the number of security tests performed during integration testing

Key Contacts - Amy Zwarico Krzysztof Opasiak Sylvain Desbureaux

Executive Summary - Integration testing shall continue to test for unsecure communication (HTTP) and vulnerable ports (e.g., JDWP). Integration shall add tests to ensure that project containers use the versions of Java, Python, Linux, Docker, database and utilities specified in Guilin versions.

Business Impact - Improves the security posture of ONAP by using current versions and simplifies the deployment.

Business Markets - All operators and service provider.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP shall increase the number of Docker Benchmark tests

Key Contacts - Amy Zwarico Krzysztof Opasiak Sylvain Desbureaux

Executive Summary - Integration testing shall include tests that a non-root user for the container has been created, containers use only trusted base images (versions specified on Guilin versions), and HEALTHCHECK instructions have been added to container images.

Business Impact - Improves the security posture of ONAP by hardening containers.

Business Markets - All operators and service provider.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP must complete update of the java language (from v8 -> v11)

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects using java shall reduce the risks associated with no regular support for java v8 software as it causes increase of usage risk, as recommended by SECCOM.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators, service providers and entities using ONAP.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP must complete update of the Python language (from 2.7 -> 3.8)

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects using Python shall reduce the risks associated with no community support for Python 2.7 software as it causes increase of usage risk, as recommended by SECCOM.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators, service providers and entities using ONAP.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.

ONAP shall use STDOUT for logs collection

Key Contacts - Amy Zwarico Paweł Pawlak

Executive Summary - All ONAP projects should use a common place for logs data - all applications should generate logs that can be collected by Kubernetes in STDOUT, as recommended by SECCOM.

Business Impact - Improves the security posture of ONAP.

Business Markets - All operators, service providers and entities using ONAP.

Funding/Financial Impacts - N/A

Organization Mgmt, Sales Strategies -There is no additional organizational management or sales strategies for this requirement outside of a service providers "normal" ONAP deployment and its attendant organizational resources from a service provider.