Overview
The VNF Validation Platform (VVP) is an application to validate that OpenStack Heat Templates comply with the ONAP requirements and guidelines documented in the Heat section of the ONAP’s VNF Requirements and Guidelines documentation.
Adherence to these guidelines ensures that a VNF can be successfully onboarded, modeled, instantiated, and orchestrated by ONAP to the fullest extent possible.
VVP is a utility written in Python that can be executed via a command-line script, Docker container, or a native Desktop GUI application to analyze and report on the compliance of a given set of Heat templates to the ONAP requirements.
Refer to the Contributing section of VVP Documentation for information on how to contribute.
CII Badging
Security Concerns
VVP is a set of python scripts executed locally, without communication over the network. The interface provided to users is via cli, and yaml documents are loaded and linted according to the VNF Heat Template Guidelines.
This introduces one potential security concern, which is the loading of potentially unknown yaml documents on a users machine. According to the PyYaml documentation:
Warning: It is not safe to call yaml.load
with any data received from an untrusted source! yaml.load
is as powerful as pickle.load
and so may call any Python function. Check the yaml.safe_load
function though.
In 2018, vvp validation scripts were updated to use the PyYaml safe_load method to mitigate the potential for executing arbitrary python functions.
Bug reports :
Raise a bug report against the vvp project in the ONAP JIRA
Contribution process:
Refer to the ONAP contribution process see ONAP wiki Getting Involved
Requirements for acceptable contributions:
Refer to the ONAP contribution process. see ONAP wiki Developer Best Practices, Development Procedures & Policies
LFN code of conduct applies https://lfprojects.org/policies/code-of-conduct/