The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.
M3 Release Architecture Milestone overview is available in wiki.
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
---|---|---|---|---|
Modeling | Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)? | N/A | It is a non-blocking item for M3 - The Modeling team is gathering information | |
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | Portal Platform Security/Vulnerability Report (Dublin Release) | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | Requirements and test cases for transport layer encryption have been created for all interfaces not currently supporting encryption.
| ||
Has the project documented all open port information? | Yes | OOM page | Update OOM NodePort List | |
Has the project provided the communication policy to OOM and Integration? | Yes | Recommended Protocols | ||
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | No | No, please check details at RISK#3 - Dublin Risks. Security impact on Policy, VID apps that use portal/sdk regarding addressing NexusIQ security issues and AAF integration which is not committed by Portal team so far due to lack of resources; |
| |
Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | presented on February 26,2019 PortalR4M1ReleasePlanning(DublinRelease)-APIOutgoingDependencies | Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough. |
Is there a plan to address the findings the API review? | NA | Link to plan | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | |
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | NA | In the case some changes are necessary, bring the request to the TSC for review and approval. | |
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | Yes | Scope change depends on the risks. So the status of the risk (#2,3,4) is updated and tracked closely at Dublin Risks | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | |
Provide link to the API Documentation. | https://docs.onap.org/en/beijing/submodules/portal.git/docs/platform/offeredapis.html | |||
Release Management | Are committed Sprint Backlog Stories been marked as "Done" in Jira board? | Yes | Link to Story | |
Are all tasks associated with Sprint Backlog Stories been marked as "Done" in Jira? | Yes | Link to Task | ||
Have all findings from previous milestones been addressed? | Yes | Jira | ||
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | ||
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | NA | Nothing new is found yet. If found, we will plan to address | Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | Yes | https://jenkins.onap.org/view/portal/ | ||
Are all binaries available in Nexus? | Yes | https://nexus.onap.org/#nexus-search;quick~portal/sdk | ||
Integration and Testing | Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins? | Yes | Portal R4 Dublin Functional Test Cases | |
Has the project code successfully passed the Daily Build process? | Yes | https://jenkins.onap.org/view/portal/ | Goal is to ensure the latest project commit has not broken the Integration Daily Build |