This centralized page, for all Honolulu projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
- Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
- Assessed: an identified risk which currently has no risk response plan
- Planned: an identified risk with a risk response plan
- In-Process: a risk where the risk response is being executed
- Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
- Not occurred: a risk that was identified but that did not occur
- Rejected: created and kept for tracking purposes but considered not to be used yet
| Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status |
|---|---|---|---|---|---|---|---|---|---|
| 1 | OOF |
| Meeting the following requirement for CMSO - Upgrade vulnerable packages | OOF - CMSO | Will be taken up along with the feature implementation if it is required by the use cases | Project team will try to take up activity if no new feature is planned | Low | Low | Identified |
| 2 | UUI |
| usecase UI dockers contain GPLv3 USECASEUI-494 - Getting issue details... STATUS | UUI | Will take active action to contact Jira owner and find out witch package contains GPLv3 | Make the current dependencies work well and keep this problem to next release | High | Low | Identified |
| 3 | Policy |
| Some package upgrades (e.g., CDS) may require significant rework REQ-439 - Getting issue details... STATUS | Policy | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified |
| 4 | SDC |
| Some package upgrades may require significant rework REQ-439 - Getting issue details... STATUS | SDC | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified |
| 5 | AAI |
| Cannot upgrade to Java 11 for modules dependent on Java 8 only supported Janusgraph
| AAI | Nothing we can really do given the current constraints unless JanusGraph updates to working with Java 11 | Obtain a waiver for the mS with the core tech of Janusgraph | High | Low | Identified |
| 6 | DCAE |
|
Due to upstream dependency on NIFI project, some of MOD (NiFI) components (designtool/gen-processor/nifi-registry) will remain in java 8 | DCAE | Migrate/replace MOD NiFI components with custom containers for future release | Request waiver (discused with SECCOM and they are okay with filing exception for NiFI components) | High | Low | Closed; exception submitted for NiFi related components |
| 7 | DCAE | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8 With Cloudify 3.x support releated by Cloudify under 5.1.1, DCAE CM pod upgrade is targetted for H release. This will be major upgrade requiring extensive regression. Marking this risk due to resource/time constraint. | DCAE | Based on severity of issue - we'll assess if new containers can be released for H release or if need to be withheld. | If switching to Guilin version (old CM 4.6 version) - will need waiver for Cloudify container and plugins | Medium | High | Not Occurred | |
| 8 | CPS |
| Upgrade vulnerable packages, which all are Transient dependencies | CPS | Working with SecCom to resolve high level vulnerabilities | Obtain a waiver for the problem packages | Medium | Low | Identified |
| 9 | DMaaP Message Router |
|
Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints. | DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified |
| 10 | AAI |
| Upgrade vulnerable packages, which all are Transient dependencies | AAI | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | Medium | Low | Identified |
| 11 | VID |
| Upgrade vulnerable packages, which all are Transient dependencies | VID | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | Medium | Low | Identified |
| 12 | MultiCloud |
| REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) MultiCloud have updated to v3.7, which is the highest version that onappylog can support | MultiCloud | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | Identified |
| 13 | Modeling |
| REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) Modeling/etsicatlog can support V3.7, which is the highest version that onappylog can support | Modeling | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | resolved |
| 14 | VFC |
| REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) VFC can support V3.7, which is the highest version that onappylog can support | VFC | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | resolved |
| 15 | SO |
| Code coverage for the new repos created failed to meet the required goal. | SO | Code coverage goals | Obtain a waiver for the impacted components | High | High | Working on the coverage for code split and will be able to meet the goals by the RC0. |
| 16 | DMaaP kafka |
| Code coverage for the dmaap-kafka project failed to meet the required goal. | DMaaP kafka | Code coverage goals | Obtain a waiver for the impacted components | High | Low | Working with Sonar community to fix this unexpected coverage drop. |
| 17 | Policy |
| OOM merge for M3 is not yet complete, so RC0 is even more unlikely | Policy | Update OOM review to latest Policy images | Obtain a waiver | High | High | Withdrawn M3 OOM review was merged |
