The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.
M3 Release Architecture Milestone overview is available in wiki.
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | AAF always has TLS on, and enables others to do so. | ||
Has the project documented all open port information? | Yes | OOM NodePort List (see aaf-locate, aaf-service, etc) | ||
Has the project provided the communication policy to OOM and Integration? | Yes | AAF Clients enforce TLS1.1 and 1.2 | Note: Corporations CAN modify this for their specific needs with CADI properties: "cadi_protocols" and "http_protocols", see | |
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | N/A | AAF Core (authz) has NO vulnerability issues AAF Plugins (cadi) has no intrinsic vulnerabilities. | ||
Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | Architecture team reviewed and approved March 6, 2019 https://wiki.onap.org/display/DW/AAF+R4+-+M3+Architecture+Review | |
Is there a plan to address the findings the API review? | N/A | Architecture team approved without actionable findings. | ||
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | No API changes planned. | ||
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | No | AAF is on track. | ||
Provide link to the API Documentation. | Yes | https://aaf-onap-test.osaaf.org:8095/gui/api | ||
Release Management | Are committed Sprint Backlog Stories been marked as "Closed" in Jira board? | Yes | https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF | |
Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira? | Yes | https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF | ||
Have all findings from previous milestones been addressed? | Yes | No Findings from Previous Milestones | ||
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week | ||
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | No | Goal: 55% for Incubation project in the current release | Guidance on Code Coverage and Static Code Analysis Note: We are working our JUnit plan to increase best we can, however, we can only promise an increase in percentage, not 50%+, given only 1 set of person hours allocated to AAF in total. | |
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | Yes | |||
Are all binaries available in Nexus? | Yes | https://nexus.onap.org/#nexus-search;quick~org.onap.aaf.authz | ||
Integration and Testing | Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job | Yes | https://jenkins.onap.org/view/aaf/job/aaf-master-csit-aafapi/ | |
Has the project code successfully passed the Daily Build process? | Yes | |||
Has the project passed the Integration Sanity Tests? | Yes |
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues |
Note: Modeling was added after I started the Template, but WIKI Editing does not allow for the adding of a new Practice Area.
Modeling | Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)? | No | Note: AAF is Infrastructure, and either provides the necessary library (CADI, CADI Filter) or responds to standard HTTP/S: Transactions Since this is not a Blocker, and there is no apparent input into the overall Data Model, it does not seem like a good use of limited resources. |