...
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | Requirements and test cases for transport layer encryption have been created for all interfaces not currently supporting encryption. VES - Supports secure interface; disabled by default (due to xNF/simulator dependencies) DFC - Supports secure interface by default HV-VES - Support secure interface by default. RESTConf - Can support secure interface; followed up with BBS team if secure communication should be enabled by default for integration testing (has dependency on external domain controller/simulator). | ||
Has the project documented all open port information? | Yes | VES - 8080/8443 HV-VES - 6061/6060 RESTConf - 8080 DFC - 8100, 8433 | ||
Has the project provided the communication policy to OOM and Integration? | Yes | New collector - RESTConf introduced for Dublin; notified Integration team. | Recommended Protocols | |
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | Yes | For the ones with active Jira identified here https://wiki.onap.org/pages/viewpage.action?pageId=51282478 Rest of dependency will need exception for Dublin |
| |
Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | Completed 03/05 - DCAE R4 - M3 Architecture Review | Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough. |
Is there a plan to address the findings the API review? | NA | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | ||
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | NA | In the case some changes are necessary, bring the request to the TSC for review and approval. | |
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | No | If Yes, please a link to the evidence of these changes. | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | |
Provide link to the API Documentation. | Yes | APIs that are carried forward to R4: https://onap.readthedocs.io/en/beijing/submodules/dcaegen2.git/docs/sections/apis/inventory.html https://onap.readthedocs.io/en/beijing/submodules/dcaegen2.git/docs/sections/apis/dcaecdap.html https://git.onap.org/dcaegen2/services/prh/tree/swagger.yaml https://git.onap.org/dcaegen2/collectors/ves/tree/swagger_vescollector_1.3.1.yaml https://git.onap.org/dcaegen2/platform/configbinding/tree/app/app/swagger.yaml RESTConf - https://git.onap.org/dcaegen2/collectors/restconf/tree/swagger_restconfcollector_1.0.0.yaml | ||
Release Management | Are committed Sprint Backlog Stories been marked as "Closed" in Jira board? | Yes | https://jira.onap.org/secure/RapidBoard.jspa?rapidView=49 | |
Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira? | Yes | https://jira.onap.org/secure/RapidBoard.jspa?rapidView=49&view=planning | ||
Have all findings from previous milestones been addressed? | Yes | Provide link to JIRA findings | ||
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | ||
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in | In-progress | Goal: 55% for Incubation project in the current release 16 off 20 components are > 55%. Since M2, 5 additional component met 55% target; WIP for remaining (below) - plan to address them by M4. | Guidance on Code Coverage and Static Code Analysis Tools: Sonar | |
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | Yes | For the ones with active Jira identified here https://wiki.onap.org/pages/viewpage.action?pageId=51282478 Rest of dependency will need exception for Dublin | Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | Yes | |||
Are all binaries available in Nexus? | Yes | All java components TCA: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/analytics/tca-gen2/ TCA-gen2: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/analytics/tca/ Datafile collector: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/collectors/datafile/ VES collector: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/collectors/ves/ HV-VES collector: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/collectors/hv-ves/ VES Mapper: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/services/mapper/ PRH: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/services/prh/ PM-Mapper: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/services/pm-mapper/ SON-Handler: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/services/son-handler/ Inventory API: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/platform/inventory-api/ Service Change Handler: https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/platform/servicechange-handler/ RESTConf - https://nexus.onap.org/content/groups/staging/org/onap/dcaegen2/collectors/restconf/ | ||
Integration and Testing | Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job | In-progress | https://jenkins.onap.org/view/dcaegen2/job/dcaegen2-master-verify-csit-prh-testsuites/ https://jenkins.onap.org/view/dcaegen2/job/dcaegen2-master-verify-csit-testsuites/ https://jenkins.onap.org/view/CSIT/job/dcaegen2-pmmapper-master-csit-pmmapper/ https://jenkins.onap.org/view/CSIT/job/dcaegen2-pmmapper-master-verify-csit-pmmapper/ | |
Has the project code successfully passed the Daily Build process? | Yes | Goal is to ensure the latest project commit has not broken the Integration Daily Build | ||
Has the project passed the Integration Sanity Tests? | Yes | Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues | ||
Modeling | Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)? | Yes | Datamodel used by DCAE service components is VES https://onap.readthedocs.io/en/beijing/submodules/dcaegen2.git/docs/sections/apis/inventory.html https://onap.readthedocs.io/en/beijing/submodules/dcaegen2.git/docs/sections/apis/dcaecdap.html https://git.onap.org/dcaegen2/services/prh/tree/swagger.yaml https://git.onap.org/dcaegen2/collectors/ves/tree/swagger_vescollector_1.3.1.yaml https://git.onap.org/dcaegen2/platform/configbinding/tree/app/app/swagger.yaml RESTConf - https://git.onap.org/dcaegen2/collectors/restconf/tree/swagger_restconfcollector_1.0.0.yaml | It is a non-blocking item for M3 - The Modeling team is gathering information |
...