This centralized page, for all Casablanca projects, is aimed at identifying the risks as they are foreseen within the release life cycle.

A Risk that materialized becomes an Issue.


  • Identified: a risk that has been identified, but has not yet been analyzed / assessed yet 
  • Assessed: an identified risk which currently has no risk response plan 
  • Planned: an identified risk with a risk response plan
  • In-Process: a risk where the risk response is being executed 
  • Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
  • Not occurred: a risk that was identified but that did not occur 
  • Rejected: created and kept for tracking purposes but considered not to be used yet

Risk IDProject Team or person identifying the riskIdentification DateRisk (Description and potential impact)Team or component impacted by the risk

Mitigation Plan

(Action to prevent the risk to materialize)

Contingency Plan - Response Plan

(Action in case of the risk materialized)

Probability of occurrence (probability of the risk materialized)





CII Badging - Casablanca Release Criteria is about addressing test coverage (including JS)

Therefore some projects might not pass their CII Badging.

Any Project team who has JS as part of their code and who will not have enough bandwidth

Find an alternative to the current proposal,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,22721721

If it is confirmed that the solution (,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,22721721) is the right way to move forward then we believe that we should split the JS test coverage into several phases that will be implemented across multiple ONAP releases depending on each project’s bandwidth:

Phase 1 – Setup the infrastructure

Phase 2-  Analyze the SONAR test coverage and build a plan to meet JS test coverage criteria

Phase 3- Add test cases to meet the JS test coverage criteria

HighLow since agreement on the Mitigation Plan


6/27/18 update:

Current proposal presented to the Security Subcommittee to provide awareness

7/25/18 update:

Proposal accepted by the Security Committee. jS test coverage is descoped from the Casablanca release with the assumption that CLAMP will perform a pilot (setup infra, code change and few test cases) as part of the Casablanca release.

08/23/18 update: Closed

Agreement to close this risk at M3 review


Policy, VID apps that use portal/sdk will be directly impacted under S3P for logging support from portal/sdk due to lack of resources;

Policy, VID, Portal

Requesting open community for resources who can help with logging in portal/sdk.

20181005: update Helped with exposing their HTTPS/SSL nodeport under OOM-1455 - Getting issue details... STATUS

Actively looking for resources to support the logging integration from Portal perspective.HighHigh


  • Sep 27 2018: The logging work item is moved to Dublin - LOG-534 - Getting issue details... STATUS
  • Aug 09 2018: Michael O'Brien is looking into the portal/sdk and changes needed to performed from logging perspective. So that, the portal/sdk can be consumed by Policy, VID and Portal applications. As long as the logging is integrated in portal/sdk by API freeze, then the risk can be reduced from "High" to "Medium" and when the other teams consume the sdk, then the risk can be closed.
  • 20180726: Log team (Amdocs/AT&T) will work with portal and policy on deployment, spec alignment, aaf security (roles) -

LOG-534 - Getting issue details... STATUS


Logging Casablanca Scope


Policy, VID, AAI, SDC will be impacted under Security for AAF role management support required from portal/sdk due to lack of resources;

Policy, VID, AAI, SDC, PortalRequesting open community for resources who can help with AAF role management and CADI integration in portal/sdk.SDC, Policy, VID teams agreed that they maintain both HTTP and HTTPs ports open, so that the Portal is not completely broken.HighMedium


  • Sep 21 2018: The current state is to integrate with AAF not via CADI but via REST as described below in detail. So the Portal team released portal/sdk version 2.4.0 for Casablanca and 2.5.0 along with CADI is deferred for Dublin release.
  • Sep 06 2018: Portal team working with AAF team (Jonathan Gathman) and found few integration issues, however workaround is proposed and is being worked out.
    • Portal team still in the process of integration CADI framework in SDK to talk to AAF. We already have the capability to communicate with AAF for User Role Enforcement via REST.

    • To SDC, Policy, VID teams: We strongly recommend that you start upgrading the current version of SDK to 2.4.0 ( available in staging repository). Our team can help with the upgrade process. Once the CADI integration is fully implemented in 2.5.0 version, at that point it will be easier to just bump your POM to 2.5.0 from 2.4.0 as we are not anticipating any changes in the client code (by design).

      Please note. You are already aware of this but just to confirm:

      1. SDK will be used for User/Role enforcement only as it is doing today (when user accesses the application from browser). For Casablanca, we are not targeting System to System AAF Authorization.
      2. Certificate Management is the responsibility of individual Applications and not SDK.
  • Aug 09 2018: Sitharaman Trichy Ramasubramanian from IBM stepped up requesting the details on AAF - CADI risk. Once the IBM resources analyze the work and commit for the ETAs on the AAF integration into portal/sdk, then the risk priority can be reduced from High to Medium.
    • Proposal: However, AAF-CADI integration is still a risk to complete in portal-sdk as the work has not yet started by any resources and it will be too late for policy/sdc/vid/aai teams to consume in the same Casablanca release. So the proposal is to target for portal-sdk to integrate in Casablanca depending on the available IBM resources (also depends on their expertise on AAF to pick up the work) and then plan to consume the integrated portal/sdk by other teams in next release (D release).


OOM deployment is impacted if the DB scaling changes are not supported by Portal team; also the changes for simplification of etc/hosts entries impacts the OOM deployment which is not committed by Portal team so far due to lack of resources.

OOM, PortalRequesting open community for resources who can help with deployment upgrades in Portal using OOM. OOM team is looking into the OOM integration related Portal JIRA items, we may expect some support or contribution, but not committed yet.MediumMedium


  • Sep 27 2018: In Dublin release, OOM Team new plan is to address the common DB requirement as part of OOM-1209 - Getting issue details... STATUS
  • Sep 06 2018: OOM team (Prateek Khosla) working on OOM-1164 - Getting issue details... STATUS to address the a common Mariadb Charts that can be utilized by various applications (in this case Portal).
  • Aug 09 2018: OOM team is looking into the OOM integration related Portal JIRA items, we may expect some support or contribution, but not committed yet. After the commitment the risk can be reduced from High to Medium.
5Policy7/10/2018Scale Out Use Case: Moving to Dmaap based API call to SO for Scale out. This API was for both VID and Policy to use instead of the REST call for simplicity.PolicyIt doesn't look like the SO team has any epic or user story for developing this work in their M1 planning template.Fallback to using the current RESTful API to make the call - but this may not be sufficient to satisfy the Use Case.HighHigh

The following JIRA was created to support SO side:

SO-734 - Getting issue details... STATUS

Seshu Kumar Mudiganti - I hope you are aware of this work that your AT&T resources are doing.

Pamela Dragosh - There is already a story SO-676 created for the Scaleout in Casablanca

  Marking Closed per Gildas request during TSC.

6OOM7/24/2018Helm Chart transfer of ownership to project teams.

Prevents project teams from owning helm charts for their components.

But more importantly, prevents CI/CD.

Need LF to complete work started in Beijing (ticket # 53102) that addresses:

  • trigger builds per project instead of all projects once daily
  • build related Helm charts per project
  • publish Helm artifacts to LF hosted Helm repo

OOM-752 - Getting issue details... STATUS is blocking OOM-1242 - Getting issue details... STATUS

Work has now started and meetings are ongoing - will be addressed shortly.

CLAMP  7/19/2018 DCAE-DS service template and policy model not committed for Casablanca DCAE-DS/SDC, CLAMP

need to agree at least on a design during Casablanca release.

need to get commitment from SDC/DCAE-DS on development before  8/8, otherwise it will become a stretch goal for Casablanca

CLAMP will fallback on using just the blueprint for C.L distribution from DCAE-DS/SDC  High Medium


CLAMP will fallback on using just the blueprint for C.L distribution from DCAE-DS/SDC

CLAMP 7/19/2018 Policy team not yet sure to support the full api needed for Guard policy  CLAMP, Policy starting the work using the  not final API version given by policy team. guard API is a stretch goal for Casablanca

CLAMP will support scale out using Beijing policy api + new payload to allow injection of SO parameter manually in CLAMP UI.

Medium Low


Pamela Dragosh - The policy team understands and has shared the scope of doing the guard work and is committed to doing the work.

9APPC7/25/2018Decisions by team on ScaleOut use case for Casablanca is to have SO continue sending the configuration data via the payload, which means this is a test exercise for APPC. If  decision is reversed later, then we will need to reassess do-ability based on timeline.APPC, SOStick to original decision to have SO continue sending configuration data in the ScaleOut request payload.Stick to original decision to have SO continue sending configuration data in the ScaleOut request payload.Low-MediumMedium


1/8: Got confirmation that SO will continue sending the configuration data via the payload, which means this is a test exercise for APPC.

10APPC7/25/2018The requirement for new traffic migration LCM API is not finalized



Agreement with Ajay:  Traffic Migration use case will be planning: 1, Pull Ansible with RESTful  server docker image from CCSDK/SDNC, 2, APPC sends request to Ansible server with string of playbook name. 3, VNF owner writes all information in playbook. 4, Ansible server sends RESTful request to VNF in order to do the traffic migration use case.

Also in R3, APPC with owner of use case will define Traffic Migration LCM API, then implement the Traffic Migration LCM API in R4.


In Progress:

DistrubuteTraffic meeting notes




Changes to the ONAP Resource Data Model in R3


While OOF doesn’t directly interact with SDC, it consumes the model information indirectly through SO/AAI (and passing the solution with some of this information back to SO), and will be impacted if the SO/AAI APIs (and key parts of the payload) change in R3. The chance of occurrence of the risk is low assuming that there will be no/minimal changes to the SO-OOF API and the VNF resource models in AAI when documenting the TOSCA models.




12SO7/19/2018ATT Ecomp 1806 code mergeSOThe code merge of the seed code of ATT 1806 is gettig delayed due to yang model changes. This if further delayed could be an issue for the SO deliverables for Casablanca.If the code is not merged by July end time frame then we will need to drop the features for casablanca scope.HighHigh


13SO7/24/2018Scale out feature is risky from SO sideSOThe detailed design and the E2E flows are not yet clear and needs to be finalised at the earliest for this feature to go throughThe Usecase may not be able to make it in Casablanca without this clarity being bought.MediumHighclosed
14VID8/1/2018Scale out requirements are not finalizedScaling use caseFinalize requirements, or fallback to Beijing implementation of scaling outMeeting today with Scott and Steve (SO)MediumMediumClosed
15VID8/1/2018Need for AAF certification to implement HTTPS supportAAF integration

16CLAMP8/10/2018Need Policy API change to support Logging Specification 1.2CLAMP, PolicyTry to get resources for the API changeCLAMP, Policy won't be 100% compliant with the spec, will still try to implement other partsMediumMedium


this policy api used by CLAMP won't satisfy the log spec given that Policy team doesn't have the resources to implement it.

17Sparky-be9/10/2018Without AAF integration sparky can not launch on Https mode. Which means that portal also must launch in http to let sparky launch in http. This also means that CII requirements wont be meet by sparkySparky-be, AAIPortal should be configured to launch using both http and https. When AAI-UI(sparky) needs to be launched portal should be opened on http mode.


HPA Use Case

There were not enough resources given to support the HPA use case. Although Ericsson and AT&T covered the majority of the work, some parts of the development were not finished: CSIT, and S3P.

PolicyUtilize manual creation of policies as was done in Beijing.Request Intel to provide resource to finish the work and drive testing for this.HighLow



Logging10/02/2018Release multiple 6 jars/1 war in single repo - issues with all or nothing buildlogging only,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,26675742

This is the first release of logging with actual jar/war artifacts that may need to be in a 1:1 artifact/repo structure instead

work with LF to manually release each artifact by adjusting the pom structure for each artifact

mediummedium (our artifacts jars/war/docker/kubernetes) are for demo only and not used by any team in onap yet

LOG-715 - Getting issue details... STATUS