[ExtAPI] Dublin M3 API Freeze Milestone Checklist
- Matthieu Geerebaert
The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.
M3 Release Architecture Milestone overview is available in wiki.
Usage
Use the "Copy" and "Move" options (available under the ..., top right of this page) to duplicate this template into your project wiki.
Fill out the Yes/No column
Provide link to evidence (when necessary)
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | Table in in the protected Security Vulnerabilities wiki space: R4 ExtAPI Security/Vulnerability Threat - Full Content | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | NBI registers APIs into MSB which provides HTTPS for external access. Internal HTTPS has not been prioritized on DUBLIN Note: Check and update MSB registration EXTAPI-216: Check if NBI is available as HTTPs only via MSBOpen Test ( need MSB and a deployed instance, tests will be provided as postman collection ) | ||
Has the project documented all open port information? | Yes | 30274 => 8080 | Update OOM NodePort List | |
Has the project provided the communication policy to OOM and Integration? | TODO | |||
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | Yes | Already done the most part: From 11 to 3 security threats from Casablanca to Dublin master branch. |
| |
Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | Architecture walk through to understand how each project contributes on Release Use Case. ARC to organize the walk through. | |
Is there a plan to address the findings the API review? | Yes | EXTAPI-217: Take into consideration API review done by the ARC committeeClosed | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | |
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | In the case some changes are necessary, bring the request to the TSC for review and approval. | ||
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | No | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | ||
Provide link to the API Documentation. | Yes | |||
Release Management | Are committed Sprint Backlog Stories been marked as "Closed" in Jira board? | NA | Backlog not used, only issue tracking https://jira.onap.org/secure/RapidBoard.jspa?projectKey=EXTAPI&rapidView=43&view=planning | |
Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira? | NA | Backlog not used, only issue tracking | ||
Have all findings from previous milestones been addressed? | NA | No issues | ||
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week | |
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | Yes | Yes Coverage 77.00% https://sonar.onap.org/dashboard?id=org.onap.externalapi-nbi%3Anbi-rest-services | ||
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | Yes | Java https://jenkins.onap.org/job/externalapi-nbi-master-merge-java/ | ||
Are all binaries available in Nexus? | Yes | Java https://nexus.onap.org/#nexus-search;quick~nbi docker | ||
Integration and Testing | Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job | No | Not implemented in OOM Only one test currently, running outside oom context https://jenkins.onap.org/view/CSIT/job/externalapi-nbi-master-csit-healthcheck/ | |
Has the project code successfully passed the Daily Build process? | Yes | Both java an docker daily build | Goal is to ensure the latest project commit has not broken the Integration Daily Build | |
Has the project passed the Integration Sanity Tests? | No | Not implemented in NBI | Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues | |
Modeling | Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)? | Yes | Each API resources is documented with swagger, as json or yaml, and each data model is also described as plantuml and xml schemas Here the master readthedoc sources ( not yet build and available online ) https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_serviceOrder https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_hub https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_serviceInventory https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_status | It is a non-blocking item for M3 - The Modeling team is gathering information |