1 .. SPDX-License-Identifier: CC-BY-4.0
2 .. Copyright 2019 ORANGE
11 :Release Date: 2020-06-04
13 Frankfurt Release tag - 6.0.3
17 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
18 - `EXTAPI-347 <https://jira.onap.org/browse/EXTAPI-347>`_ - Move to mariadb galera instead of mariadb
19 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS with AAF artefacts
20 - `EXTAPI-294 <https://jira.onap.org/browse/EXTAPI-294>`_ - Add support for Service Orders using new "Object" type
21 - `EXTAPI-304 <https://jira.onap.org/browse/EXTAPI-304>`_ - Update SO request to use GR_API instead of VNF_API
22 - `EXTAPI-342 <https://jira.onap.org/browse/EXTAPI-342>`_ - NBI to SO: new URL and new Header params
23 - `EXTAPI-343 <https://jira.onap.org/browse/EXTAPI-343>`_ - NBI to SO: cloudowner value to be taken from application.properties
24 - `EXTAPI-258 <https://jira.onap.org/browse/EXTAPI-258>`_ - Identify whether the Service is of A-la-carte or macro type
25 - `EXTAPI-370 <https://jira.onap.org/browse/EXTAPI-370>`_ - Java 11 & oparent 3.0.0-SNAPSHOT
26 - `EXTAPI-378 <https://jira.onap.org/browse/EXTAPI-378>`_ - Update swagger based on spectral
27 - `EXTAPI-384 <https://jira.onap.org/browse/EXTAPI-384>`_ - SECCOM Java 11 migration from v8 [REQ-219] in NBI
28 - `EXTAPI-397 <https://jira.onap.org/browse/EXTAPI-397>`_ - Update Service Order Swagger to align to ONAP Style Guidelines
29 - `EXTAPI-399 <https://jira.onap.org/browse/EXTAPI-399>`_ - Fix Docker File Image to point to correct base and use 3.0.0 in pom
30 - `EXTAPI-400 <https://jira.onap.org/browse/EXTAPI-400>`_ - Migrate and Fix sonarcloud code coverage issue
31 - `EXTAPI-401 <https://jira.onap.org/browse/EXTAPI-401>`_ - remove sonar.jacoco.reportMissing.force.zero
32 - `EXTAPI-415 <https://jira.onap.org/browse/EXTAPI-415>`_ - Configure NBI with http xor https support, using basic spring capabilities
33 - `EXTAPI-417 <https://jira.onap.org/browse/EXTAPI-417>`_ - Support http local docker and https OOM via Env Variable
34 - `EXTAPI-423 <https://jira.onap.org/browse/EXTAPI-423>`_ - Check for CST template is case sensitive
35 - `EXTAPI-424 <https://jira.onap.org/browse/EXTAPI-424>`_ - Public HTTP port open
36 - `EXTAPI-427 <https://jira.onap.org/browse/EXTAPI-427>`_ - DMaap https port enable
38 Detail of NBI features are described in the readTheDoc documentation.
40 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
49 In the Frankfurt release, External API has been updated to expose a https interface via OOM installations, in response to OJSI-136.
50 NBI has also upgraded to Java 11, using the base registry.gitlab.com/onap-integration/docker/onap-java image.
54 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
58 No major API changes. The API Major version is still 4.
62 Frankfurt API version is 4.1.0 i.e. Minor API changes only, as most changes are related to security updates. No new APIs.
63 Swagger changes are mainly in the use of additional markdown for API understanding and conformance to ONAP API Swagger Style Guidelines
64 https://wiki.onap.org/pages/viewpage.action?pageId=71834147
69 :Release Date: 2019-09-06
71 El Alto Release tag - 5.0.1
75 - `EXTAPI-248 <https://jira.onap.org/browse/EXTAPI-248>`_ - ExtAPI should not be polling SDC-DISTR-NOTIF-TOPIC-AUTO without authenticating
76 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
77 - `EXTAPI-287 <https://jira.onap.org/browse/EXTAPI-287>`_ - NBI to SDC connectivity health checks fail
78 - `EXTAPI-305 <https://jira.onap.org/browse/EXTAPI-305>`_ - No Need for "ReadWriteMany" access on storage when deploying on Kubernetes
80 Detail of features described in the readTheDoc documentation.
82 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
91 - Same as Dublin 4.0.0
95 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
99 No major API change. The API Major version is still 4.
103 El Alto API version is 4.0.1 i.e. Patch only
108 :Release Date: 2019-05-30
110 New major version v4 for the API, see Upgrade Notes
112 Dedicated Postman collection can be found in the integration project see `test/postman <https://git.onap.org/integration/tree/test/postman?h=dublin>`_
114 All tests suites have been re written in Karate, see `src/test/resources/karatetest <https://git.onap.org/externalapi/nbi/tree/src/test/resources/karatetest?h=dublin>`_ for inspiration.
118 Main new features are supports of
120 - `BroadBand Service Use Case ( BBS ) <https://wiki.onap.org/pages/viewpage.action?pageId=45297636>`_
121 - `Cross Domain and Cross Layer VPN ( CCVPN ) <https://wiki.onap.org/display/DW/CCVPN%28Cross+Domain+and+Cross+Layer+VPN%29+USE+CASE>`_
123 Main functional changes for BBS:
125 - `EXTAPI-98 <https://jira.onap.org/browse/EXTAPI-98>`_ - Service inventory notification`
126 - `EXTAPI-161 <https://jira.onap.org/browse/EXTAPI-161>`_ - New service specificationInputSchemas operation`
128 Main functional change for CCVPN
130 - `EXTAPI-182 <https://jira.onap.org/browse/EXTAPI-182>`_ - Create SO -> ExtAPI interface`
132 Many other changes and improvement are listed in JIRA:
134 - `All Dublin issues <https://jira.onap.org/issues/?filter=11786>`_
138 - `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - Bad hostname while registering on MSB
139 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS
140 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
142 EXTAPI-249 has limited impact on BBS use case:
143 GET /serviceSpecification{id}
144 returns empty serviceSpecCharacteristic.
148 *Fixed Security Issues*
150 NBI has been improved to reduce signs of vulnerabilities,
151 especially by migrating from Springboot 1.x to Springboot 2 and using ONAP Parent pom.xml
153 *Known Security Issues*
155 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
156 NBI exposes non TLS API endpoint on port 30274, meaning full plain text exchange with NBI API.
157 TLS configuration, with ONAP Root CA signed certificate will be proposed in El Alto.
159 As a workaround it is quite easy to add HTTPS support to NBI by configuring SSL and activating strict https.
160 Presuming you have a valid JKS keystore, with private key and a signed certificate:
164 src/main/resources/application.properties
169 server.ssl.key-store-type=JKS
170 server.ssl.key-store=classpath:certificate/yourkeystore.jks
171 server.ssl.key-store-password=password
172 server.ssl.key-alias=youralias
174 # disable http and activate https
175 security.require-ssl=true
177 *Known Vulnerabilities in Used Modules*
179 - `Dublin Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=51282484>`_
183 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
187 API is a new MAJOR v4 version due to the deletion of the 'hasStarted' attribute from getServiceById response
190 So don't forget to use this new path:
198 **Deprecation Notes**
209 :Release Date: 2019-01-31
211 Part of Casablanca Maintenance Release tag - 3.0.1 January 31st, 2019
215 - `EXTAPI-164 <https://jira.onap.org/browse/EXTAPI-164>`_ - Start up failed without msb
216 - `EXTAPI-172 <https://jira.onap.org/browse/EXTAPI-172>`_ - Multiple service orders in a single request
218 Detail of features described in the readTheDoc documentation.
226 - `Casablanca Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45310585>`_
230 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
233 https://wiki.onap.org/pages/viewpage.action?pageId=51282484
240 :Release Date: 2018-11-30
246 - `EXTAPI-96 <https://jira.onap.org/browse/EXTAPI-96>`_ - Add notification for serviceOrder API
247 - `EXTAPI-97 <https://jira.onap.org/browse/EXTAPI-97>`_ - Upgrade ServiceOrder API to manage modification UC
248 - `EXTAPI-100 <https://jira.onap.org/browse/EXTAPI-100>`_ - Improve ServiceInventory API
249 - `EXTAPI-101 <https://jira.onap.org/browse/EXTAPI-101>`_ - Integrate ExtAPI/NBI to MSB
250 - `EXTAPI-102 <https://jira.onap.org/browse/EXTAPI-102>`_ - Integrate ExtAPI/NBI to an E2E ONAP UC
251 - `EXTAPI-116 <https://jira.onap.org/browse/EXTAPI-116>`_ - Help NBI user to get information when Service order fails
252 - `EXTAPI-125 <https://jira.onap.org/browse/EXTAPI-125>`_ - Add support for progress percentage on ServiceOrder tracking
254 Detail of features described in the readTheDoc documentation.
258 No new issue (see Beijing ones)
262 - `Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45301150>`_
266 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
270 No upgrade available from Beijing
272 **Deprecation Notes**
283 :Release Date: 2018-06-07
289 - `EXTAPI-39 <https://jira.onap.org/browse/EXTAPI-39>`_ - Retrieve SDC information (catalog information) for service level artifacts based on TMF633 open APIs - operation GET
290 - `EXTAPI-41 <https://jira.onap.org/browse/EXTAPI-41>`_ - Retrieve AAI information (inventory information) for service instance level artifacts based on TMF638 open APIs - operation GET
291 - `EXTAPI-42 <https://jira.onap.org/browse/EXTAPI-42>`_ - Create and retrieve SO service request for service level based on TMF641 open APIS - Operations POST & GET
293 Detail of features described in the readTheDoc documentation.
297 Not applicable - This is an initial release
303 - Find criteria are limited
305 For service inventory:
307 - Customer information must be passed to get complete service representation.
308 - Find criteria are limited.
312 - ServiceOrder will manage only 'add' and 'delete' operation (no change).
313 - Only service level request is performed.
314 - No request for VNF/VF and no call to SDNC.
315 - `EXTAPI-70 <https://jira.onap.org/browse/EXTAPI-70>`_ : links between customer/service instance and cloud/tenant not done (trigger VID issue).
316 - Only active service state is considered to add a service.
318 Detail of limitations described in the readTheDoc documentation.
322 External API code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The External API open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_.
323 Authentication management and Data Access rights have not been implemented.
327 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
328 - `Passing Badge information for External API <https://bestpractices.coreinfrastructure.org/en/projects/1771>`_
329 - `Project Vulnerability Review Table for External API <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_
333 Not applicable - This is an initial release
335 **Deprecation Notes**
337 Not applicable - This is an initial release