Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 28th of September 2021.

Jira No
SummaryDescriptionStatusSolution

TSC update
  • SECCOM contribution to ONAP quality increase appreciated!!!
  • THANK YOU for all the contributions.
ongoing

DCAE update

  • Requirement to support by DCAE registry for HELM charts. Chartmuseum is maintained by Chart team.
  • 3 types of authentication supported.
  • Proposal is to restrict the client's list, once they have user names and passwords only ones who have to update/delete charts limits writing and access considerable just for those particular clients.
  • FW to be used to limit the access for reading to strictly ONAP applications.
  • mTLS could be a solution for read
ongoing

REQ-801

REQ-800

REQ-863

REQ-443

M4 update
  • Waivers tracing for SECCOM global requirements:
    • vfc-huawei-vnfm-driver -pending question
    • Wildcard not supported in waiver management (message-router-* was replaced by message-router-kafka and message-router-zookeeper
    • other yellow line
      • framework-artifactbroker remaining in java (dual version)
      • modeling-etsicatalog
      • uui/uui-server
    • pnf-macro-test-simulator shall be very soon run in a different namespace and shoudl disapeear, it is a simulator it coudl also be under waiver (not released with ONAP)
  • Security scans: https://logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/2021-09/14_13-40/
ongoing




Software BOMs
  • Nexus upgraded to latest version, LFN decision to use SPDX format and not cyclone or DX
  • Research on how the missing information can be collected (plugin to be used?), info.yaml, POM file for Maven and Jira on who submitted the code
  • We are not tracking 1to1 contribution tracing in the repository, so the information is upstream when commiter merges the code
ongoingMuddasar to research on how the missing information can be collected (plugin to be used?).

Last TSC
  • The official policy of the TSC on including unmaintained components in a release: Continue to use the latest version of the component (latest docker) if there is a dependency in other components.
  • 3 unmaintained components: portal, portal SDK and VID
  • Global Requirements are not tracked well, apart from the SECCOM ones (wink), but Release Manager does not track them ;-(, should be tracked by proper integration tests but it would be problematic for vulnerabilities management (packages upgrades).
ongoing



To further investigate Jira or feature template capability for that to include compliance requirement for Globar Requirement or Best Practice and then turnet into mnual or automatic validation. 


ONAP documentation

From green user perpective - a lot of info is missing on how to install ONAP or upgrade it - lot of missing information from ONAP documentation. Troubleshooting based on logs is painfull... Solution level thinking from user perpective, how to start and what is the sequence to install ONAP.

Sean is exploring POM file and some documented ONAP interdependencies.

In Amy'steam some developer is also doing similar effort.

ongoing

Pawel to sent an information to documentation team. We need a dependency map.



Angular experience to be shared if possible.


Feature intake template

Muddasar did not find prove of tracking the feature after its approval.

ongoing

To reach out PTLs on what could be the best way to tackle Jira template.

Muddasar will propose some initial template, contributions are welcome.

Muddasar will also reach out Alla as a follow up, feedback from testers might be also valuable.


New Best Practice for Jakarta

Apart from current global requirements we might want to follow any other requirements:

  • Security logging as best practice for Jakarta, it is not exactly REQ-441
    • good feedback from Vijay and Toine
    • our proposed format is from the perspective of logging outbound networks connections.  Bob thinks we may need to add some fields to handle the logging of inbound connections as well as general events that  originate internal to the container
    • Bob shared excel file for logging, container info is missing
started

New requirement to be created for security logging but PoC with CPS or best practice for Jakarta.



Logging requirements

Base images provision by Integration team to PTLs as a good foundation for logging and logger helper.

ongoingPresent idea to PTLs and socialize from Architecture perspective (Friday's meeting?). Meeting invitation to be shared by Amy to Toine and Vijay. After initial discussion idea could be presented during the PTL's meeting.

Chartmuseum

Slides presented by Tony uploaded below.

Requirement to support by DCAE registry for HELM charts. Chartmuseum is maintained by Chart team. 3 types of authentication supported.

Proposal is to restrict the client's list, once they have user names and passwords only ones who have to update/delete charts limits writing and access considerable just for those particular clients. FW to be used to limit the access for reading to strictly ONAP applications.

mTLS could be a solution for read?   Side car with cert could be interesting.

ongoingmTLS to be considered


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 5th OF OCTOBER'21. 





Recording: 

SECCOM presentation:



  • No labels