/
CLAMP R4 - M3 Deliverables for API Freeze Milestone Checklist

CLAMP R4 - M3 Deliverables for API Freeze Milestone Checklist

Owned by Gervais-Martial Ngueko
Last updated: Mar 11, 2019 by ChrisC
4 min read

The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.

M3 Release Architecture Milestone overview is available in wiki.



Practice Area

Checkpoint

Yes/No

Evidences

How to?

Practice Area

Checkpoint

Yes/No

Evidences

How to?

Security

Has the Release Security/Vulnerability table been updated in the   protected Security Vulnerabilities wiki space?

Yes

R4 CLAMP Security/Vulnerability - Full Content (protected area!)

PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table

Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off?

Yes

CLAMP configuration allows to setup http or https settings for communication. that way you can switch on/off.



Has the project documented all open port information?

Yes

OOM NodePort List



Has the project provided the communication policy to OOM and Integration?

Yes



 Recommended Protocols

Do you have a plan to address by M4 the Critical  and High vulnerabilities   in the third party libraries used within your project?

Yes



  • Replace vulnerable packages

  • Document false positives in the release notes if it is not possible to replace the vulnerable packages

  • Document vulnerabilities inherited in dependencies: include the name of the dependency and any mitigations that can be implemented by an ONAP user

Architecture



Has the Project team reviewed the APIs with the Architecture Committee (ARC)?

Yes

CLAMP R4 - M3 Architecture Review

the review occurred on the 26th of February 2019 Architecture weekly meeting.

Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough.

Is there a plan to address the findings the API review?

N/A

there were no specific findings.

The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.

Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval?

Yes

NA

In the case some changes are necessary, bring the request to the TSC for review and approval.

Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone?

No

If Yes, please a link to the evidence of these changes.

Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.

Provide link to the API Documentation.

N/A





Release Management

Are committed Sprint Backlog Stories been marked as "Closed" in Jira board?

Yes

CLAMP Product Backlog



Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira?

Yes





Have all findings from previous milestones been addressed?

Yes

Provide link to JIRA findings



Development

Is there any pending commit request older than 36 Business hours in Gerrit?

No





Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)

Yes

Goal: 55% for Incubation project in the current release

CLAMP is at more than 62%

Sonar

Guidance on Code Coverage and Static Code Analysis

Tools: Sonar

Do you have a plan to address by M4 the Critical  and High vulnerabilities in the third party libraries used within your project?

Yes



Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.

Are all the Jenkins jobs successfully passed ( Merge-Jobs)?

Yes

Jenkins project tab



Are all binaries available in Nexus?

Yes

Nexus project folder



Integration and Testing


Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins?

It should include at least 1 CSIT that will be run on

Lab-xxx-OOM-Daily Jenkins Job

No

Jenkins project tab

CSIT tests are being reworked as part of this release, CLAMP model is changing hence it impacts existing CSIT tests that are being run,

MITIGATION : this is WIP - some tests will disappear/fail and new ones will appear - we have a plan to complete this by M4 including adding an OOM based test



Has the project code successfully passed the Daily Build process?

Yes



Goal is to ensure the latest project commit has not broken the Integration Daily Build 



Has the project passed the Integration Sanity Tests?

Yes

CLAMP container is kept healthy and is not reporting errors or impacting Integration work.

Integration sanity tests in Dublin Release cover:

  • ONAP deployment

  • All components health check

  • VNF onboarding and service creation for vFW use case

  • Model distribution for vFW

  • vFW instantiation

  • vFW closed loop

  • vFW deletion

No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1

No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues

Modeling

Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)?

No

CLAMP teams plans on providing the information

It is a non-blocking item for M3 - The Modeling team is gathering information