Istanbul Risks
- David McBride
- Vijay Kumar
- krishna moorthy
This centralized page, for all Istanbul projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
Assessed: an identified risk which currently has no risk response plan
Planned: an identified risk with a risk response plan
In-Process: a risk where the risk response is being executed
Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
Not occurred: a risk that was identified but that did not occur
Rejected: created and kept for tracking purposes but considered not to be used yet
Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
1 | OOF | Jun 8, 2021 | Problem with removing GPLv3 components from OSDF docker image | OSDF | Possible ways of solving the problem are documented here. OSDF Image optimization | Raise an exception for this release and continue to work on it | Medium | Medium | Identified | |
2 | Policy | Jun 10, 2021 | Problems resulting from upgrade of jetty-server | Policy, oparent | Request update to oparent sooner rather than later so that impact may be assessed | Raise an exception for this release and continue to work on it | Low | High | Not occurred (based on discussion with @James Hahnin PTL meeting Aug 23) | Reviewed Aug 23 |
3 | Policy | Jun 10, 2021 | Problems resulting from upgrade of CDS jars | Policy, CDS | Be proactive with CDS team | Medium | Low | Closed (based on discussion with @James Hahnin PTL meeting Aug 23) | Reviewed Aug 23 | |
4 | Policy | Jun 11, 2021 | TSOCA Control Loops are dependent on migration of DCAE kubernetes | Policy, DCAE | Be proactive with DCAE team | Medium | Medium | In process (based on discussion with @Liam Fallon in PTL meeting Aug 23) | Reviewed Aug2 3 | |
5 | AAI | Jun 11, 2021 | Lack of resources to deliver security bugs/issues REQ-439 - CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES AAI-3194, AAI-3292 | AAI | Make best efforts to resolve the security findings | Raise an exception for this release and continue to work on it | Medium | Low | TBD - @William Reehilplanning to file waiver. Discuss with Catherine what the appropriate status should be. | Reviewed Aug 23 |
6 | AAI | Jun 11, 2021 | Janusgraph does not support Java 11 REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) | AAI | Not much we can do | Raise an exception for this release and hope janusgraph supports java 11 in the coming release | High | Low | TBD - @William Reehilwaiver filed. Discuss with Catherine what the appropriate status should be. | Reviewed Aug 23 |
7 | DMaaP Message Router | Jan 21, 2021 | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints. | DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified | |
9 | CCSDK | Jun 16, 2021 | Most recent AAF shiro plugin version appears to still be compiled for Java 8, which causes problems when installed in Karaf under Java 11. | AAF | AAF plugin is not installed until this is resolved - installing it breaks the container. | Will continue to use built-in ODL credentials instead of using AAF to authenticate | High | Low | Assessed (based on discussion with @Dan Timoneyin PTL meeting Aug 23) | Reviewed Aug 23 |
10 | DCAE | Jun 16, 2021 | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) dcaemod-designtool & dcaemod-nifi-registry has dependency on upstream (NiFI) project which is currently on java8 | DCAE | Continue H version | Waiver/Exception to be filed with SECCOM | High | Low | Closed (10/18/2021) (Exception filed for Nifi components; all other DCAE components/containers upgraded to java11) | |
11 | DCAE | Jun 16, 2021 | Scope of DCAE Transformation (REQ-685) being large and dependency on multiple projects (DCAE, OOM, Integration, CLAMP) - there is risk in completing the planned scope in entierity for this release | DCAE, Integration, OOM, CLAMP | Periodic assessment with all impacted project; adjust target scope if required. | Defer subset of features to J release | Medium | Medium | Closed (10/18/2021) (Integration Testsuite migration work (INT-1895) has been deferred to Jakarta due to resource constraint. Rest of planned scope has been delivered for Istanbul) | |
12 | UUI | Jun 17, 2021 | https://lf-onap.atlassian.net/browse/USECASEUI-574 Update the vulnerable direct dependencies in code base but the result is unknown, and we don't have the lab environment to verify it now | UUI | Delay it until our lab environment is ready | High | Low | Identified | ||
13 | UUI | Jun 17, 2021 | https://lf-onap.atlassian.net/browse/USECASEUI-405 Not enough human resource to do this modification | UUI | Continue working on it until next release | High | Low | Identified | ||
14 | SDC | Jun 17, 2021 | Not able to fix all the identified security issues required by the global requirement https://lf-onap.atlassian.net/browse/REQ-443, reported in https://lf-onap.atlassian.net/browse/SDC-3607 and https://lf-onap.atlassian.net/browse/SDC-3608 | SDC | Source resources to take a look and responsibility to fix the issues as soon as possible. Items will be tracked twice a week. | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | |
15 | SDC | Jun 17, 2021 | Not able to update all the required vulnerabilities, as per general requirement https://lf-onap.atlassian.net/browse/REQ-439 | SDC | Continuously monitor the vulnerabilities reported | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | |
16 | SDC | Jun 17, 2021 | Code coverage fail to meet the required goal. Currently we are very close to the requirement of at least 55% of line coverage. | SDC | Track code coverage closely and try to identify the changes that introduced drops and improve them. | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | |
17 | SDC | Jun 17, 2021 | Not able to fix https://lf-onap.atlassian.net/browse/OJSI-94. Was identified that the issue requires a significant change in the front end of the workflow plugin in SDC. There is no resource for now to deal with the problem. | SDC | Try to find resources in the community to work on the issue. The issue will be tracked twice a week during the release. | Raise an exception for this release and continue to work on it | High | Low | Identified | |
18 | SO | Oct 11, 2021 | Need a patch for the NSSMF adapter for the defect found during the E2E pairwise testing. | SO | Patch nssmf-adapter 1.9.1 is made and released for the Istanbul release | This is the first patch for nssmf-adapter in the I release on oom and hence the risk is raised. | Medium | Low | In progress. TSC has been informed about the change. | |