Portal R4 M3 Deliverables for API Freeze Milestone Checklist
The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.
M3 Release Architecture Milestone overview is available in wiki.
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
Modeling | Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)? | N/A |
| It is a non-blocking item for M3 - The Modeling team is gathering information |
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | Portal Platform Security/Vulnerability Report (Dublin Release) | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | Requirements and test cases for transport layer encryption have been created for all interfaces not currently supporting encryption.
|
| |
Has the project documented all open port information? | Yes | Update OOM NodePort List | ||
Has the project provided the communication policy to OOM and Integration? | Yes |
| ||
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | No | No, please check details at RISK#3 - Dublin Risks. Security impact on Policy, VID apps that use portal/sdk regarding addressing NexusIQ security issues and AAF integration which is not committed by Portal team so far due to lack of resources; |
| |
Architecture
| Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | presented on February 26,2019 PortalR4M1ReleasePlanning(DublinRelease)-APIOutgoingDependencies | Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough. |
Is there a plan to address the findings the API review? | NA | Link to plan | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | |
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | NA | In the case some changes are necessary, bring the request to the TSC for review and approval. | |
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | Yes | Scope change depends on the risks. So the status of the risk (#2,3,4) is updated and tracked closely at Dublin Risks | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | |
Provide link to the API Documentation. |
| https://docs.onap.org/en/beijing/submodules/portal.git/docs/platform/offeredapis.html |
| |
Release Management | Are committed Sprint Backlog Stories been marked as "Done" in Jira board? | Yes |
| |
Are all tasks associated with Sprint Backlog Stories been marked as "Done" in Jira? | Yes |
| ||
Have all findings from previous milestones been addressed? | Yes |
| ||
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No |
|
|
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | NA | Nothing new is found yet. If found, we will plan to address | Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | Yes |
| ||
Are all binaries available in Nexus? | Yes |
| ||
Integration and Testing | Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins? | Yes |
| |
Has the project code successfully passed the Daily Build process? | Yes | Goal is to ensure the latest project commit has not broken the Integration Daily Build |