Istanbul Risks
- David McBride
- Vijay Kumar
- krishna moorthy
This centralized page, for all Istanbul projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
Assessed: an identified risk which currently has no risk response plan
Planned: an identified risk with a risk response plan
In-Process: a risk where the risk response is being executed
Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
Not occurred: a risk that was identified but that did not occur
Rejected: created and kept for tracking purposes but considered not to be used yet
Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
1 | OOF | Jun 8, 2021 | Problem with removing GPLv3 components from OSDF docker image | OSDF | Possible ways of solving the problem are documented here. OSDF Image optimization | Raise an exception for this release and continue to work on it | Medium | Medium | Identified | |
2 | Policy | Jun 10, 2021 | Problems resulting from upgrade of jetty-server | Policy, oparent | Request update to oparent sooner rather than later so that impact may be assessed | Raise an exception for this release and continue to work on it | Low | High | Not occurred (based on discussion with @James Hahnin PTL meeting Aug 23) | Reviewed Aug 23 |
3 | Policy | Jun 10, 2021 | Problems resulting from upgrade of CDS jars | Policy, CDS | Be proactive with CDS team | Medium | Low | Closed (based on discussion with @James Hahnin PTL meeting Aug 23) | Reviewed Aug 23 | |
4 | Policy | Jun 11, 2021 | TSOCA Control Loops are dependent on migration of DCAE kubernetes | Policy, DCAE | Be proactive with DCAE team | Medium | Medium | In process (based on discussion with @Liam Fallon in PTL meeting Aug 23) | Reviewed Aug2 3 | |
5 | AAI | Jun 11, 2021 | Lack of resources to deliver security bugs/issues REQ-439 - CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES AAI-3194, AAI-3292 | AAI | Make best efforts to resolve the security findings | Raise an exception for this release and continue to work on it | Medium | Low | TBD - @William Reehilplanning to file waiver. Discuss with Catherine what the appropriate status should be. | Reviewed Aug 23 |
6 | AAI | Jun 11, 2021 | Janusgraph does not support Java 11 REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) | AAI | Not much we can do | Raise an exception for this release and hope janusgraph supports java 11 in the coming release | High | Low | TBD - @William Reehilwaiver filed. Discuss with Catherine what the appropriate status should be. | Reviewed Aug 23 |
7 | DMaaP Message Router | Jan 21, 2021 | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints. | DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified | |
9 | CCSDK | Jun 16, 2021 | Most recent AAF shiro plugin version appears to still be compiled for Java 8, which causes problems when installed in Karaf under Java 11. | AAF | AAF plugin is not installed until this is resolved - installing it breaks the container. | Will continue to use built-in ODL credentials instead of using AAF to authenticate | High | Low | Assessed (based on discussion with @Dan Timoneyin PTL meeting Aug 23) | Reviewed Aug 23 |
10 | DCAE | Jun 16, 2021 | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) dcaemod-designtool & dcaemod-nifi-registry has dependency on upstream (NiFI) project which is currently on java8 | DCAE | Continue H version | Waiver/Exception to be filed with SECCOM | High | Low | Closed (10/18/2021) (Exception filed for Nifi components; all other DCAE components/containers upgraded to java11) | |
11 | DCAE | Jun 16, 2021 | Scope of DCAE Transformation (REQ-685) being large and dependency on multiple projects (DCAE, OOM, Integration, CLAMP) - there is risk in completing the planned scope in entierity for this release | DCAE, Integration, OOM, CLAMP | Periodic assessment with all impacted project; adjust target scope if required. | Defer subset of features to J release | Medium | Medium | Closed (10/18/2021) (Integration Testsuite migration work (INT-1895) has been deferred to Jakarta due to resource constraint. Rest of planned scope has been delivered for Istanbul) | |
12 | UUI | Jun 17, 2021 | USECASEUI-574: PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR ISTANBULClosed Update the vulnerable direct dependencies in code base but the result is unknown, and we don't have the lab environment to verify it now | UUI | Delay it until our lab environment is ready | High | Low | Identified | ||
13 | UUI | Jun 17, 2021 | USECASEUI-405: 2 components in one DockerClosed Not enough human resource to do this modification | UUI | Continue working on it until next release | High | Low | Identified | ||
14 | SDC | Jun 17, 2021 | Not able to fix all the identified security issues required by the global requirement REQ-443: CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVELIn Progress, reported in SDC-3607: fix CRITICAL xss (cross site scripting) issues identified in sonarcloudClosed and SDC-3608: fix CRITICAL xxe (XML External Entity) issues identified in sonarcloudClosed | SDC | Source resources to take a look and responsibility to fix the issues as soon as possible. Items will be tracked twice a week. | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | |
15 | SDC | Jun 17, 2021 | Not able to update all the required vulnerabilities, as per general requirement REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIESIn Progress | SDC | Continuously monitor the vulnerabilities reported | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | |
16 | SDC | Jun 17, 2021 | Code coverage fail to meet the required goal. Currently we are very close to the requirement of at least 55% of line coverage. | SDC | Track code coverage closely and try to identify the changes that introduced drops and improve them. | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | |
17 | SDC | Jun 17, 2021 | Not able to fix https://lf-onap.atlassian.net/browse/OJSI-94. Was identified that the issue requires a significant change in the front end of the workflow plugin in SDC. There is no resource for now to deal with the problem. | SDC | Try to find resources in the community to work on the issue. The issue will be tracked twice a week during the release. | Raise an exception for this release and continue to work on it | High | Low | Identified | |
18 | SO | Oct 11, 2021 | Need a patch for the NSSMF adapter for the defect found during the E2E pairwise testing. | SO | Patch nssmf-adapter 1.9.1 is made and released for the Istanbul release | This is the first patch for nssmf-adapter in the I release on oom and hence the risk is raised. | Medium | Low | In progress. TSC has been informed about the change. | |