Skip to end of metadata
Go to start of metadata

The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.

M3 Release Architecture Milestone overview is available in wiki.

Usage

  1. Use the "Copy" and "Move" options (available under the ..., top right of this page) to duplicate this template into your project wiki.
  2. Fill out the Yes/No column
  3. Provide link to evidence (when necessary)
Practice AreaCheckpointYes/NoEvidencesHow to?





SecurityHas the Release Security/Vulnerability table been updated in the   protected Security Vulnerabilities wiki space?YesR4 APPC Security/Vulnerability - Full ContentPTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off?NoRequirements and test cases for transport layer encryption have been   created for all interfaces not currently supporting encryption.
Has the project documented all open port information?YesOOM NodePort List
Has the project provided the communication policy to OOM and Integration?No

tracking on APPC-1487 - Getting issue details... STATUS for details

 Recommended Protocols
Do you have a plan to address by M4 the Critical  and High vulnerabilities   in the third party libraries used within your project?Yes

*APPC inherits from ODL. APPC is working with ODL community to address the security vulnerabilities issues. Please see ODL TSC meeting note: https://meetings.opendaylight.org/opendaylight-meeting/2019/tsc/opendaylight-meeting-tsc.2019-02-21-16.58.html

R4 APPC Security/Vulnerability - Full Content

  • Replace vulnerable packages
  • Document false positives in the release notes if it is not possible to replace the vulnerable packages
  • Document vulnerabilities inherited in dependencies: include the name of the dependency and any mitigations that can be implemented by an ONAP user
Architecture


Has the Project team reviewed the APIs with the Architecture Committee (ARC)?Yes

ONAPARC-408 - Getting issue details... STATUS

Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough.

Is there a plan to address the findings the API review?Yes

APPC-1442 - Getting issue details... STATUS is the epic to track new DistributeTrafficCheck API

The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval?YesNAIn the case some changes are necessary, bring the request to the TSC for review and approval.

Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone?

NoIf Yes, please a link to the evidence of these changes.Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.
Provide link to the API Documentation.YesAPPC LCM API Guide
Release ManagementAre committed Sprint Backlog Stories been marked as "Closed" in Jira board?YesAPPC Board
Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira?YesAPPC Board
Have all findings from previous milestones been addressed?N/ANo previous findings
DevelopmentIs there any pending commit request older than 36 Business hours in Gerrit?No

Do you have a plan to address by M4 the Critical  and High vulnerabilities in the third party libraries used within your project?YesR4 APPC Security/Vulnerability - Full ContentEnsure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.

Are all the Jenkins jobs successfully passed ( Merge-Jobs)?

Yeshttps://jenkins.onap.org/view/appc/
Are all binaries available in Nexus?Yeshttps://nexus.onap.org/#nexus-search;quick~appc

Integration and Testing

Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins?

It should include at least 1 CSIT that will be run on

Lab-xxx-OOM-Daily Jenkins Job

Yes

https://sonar.onap.org/component_measures?id=org.onap.appc%3Aappc&metric=line_coverage

APPC CSIT describes in APPC CSIT Functional Test Cases


Has the project code successfully passed the Daily Build process?Yeshttps://jenkins.onap.org/view/appc/Goal is to ensure the latest project commit has not broken the Integration Daily Build 
Has the project passed the Integration Sanity Tests?Yes

Integration sanity tests in Dublin Release cover:

  • ONAP deployment
  • All components health check
  • VNF onboarding and service creation for vFW use case
  • Model distribution for vFW
  • vFW instantiation
  • vFW closed loop
  • vFW deletion

No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1

No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues

ModelingHas the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)?Yes

APPC provides one single definition for API:
APPC API GUIDE

APPC uses Yang model to define LCM Action: Yang Model for LCM Action for payload.

APPC uses swagger 1.2 apidoc that provided by ODL ( see some sample links in APPC WindRiverLab )

APPC does not use TOSCA model in R4.


It is a non-blocking item for M3 - The Modeling team is gathering information