1 .. SPDX-License-Identifier: CC-BY-4.0
2 .. Copyright 2019 ORANGE
10 :Release Date: 2019-09-06
12 El Alto Release tag - 5.0.1
16 - `EXTAPI-248 <https://jira.onap.org/browse/EXTAPI-248>`_ - ExtAPI should not be polling SDC-DISTR-NOTIF-TOPIC-AUTO without authenticating
17 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
18 - `EXTAPI-287 <https://jira.onap.org/browse/EXTAPI-287>`_ - NBI to SDC connectivity health checks fail
19 - `EXTAPI-305 <https://jira.onap.org/browse/EXTAPI-305>`_ - No Need for "ReadWriteMany" access on storage when deploying on Kubernetes
21 Detail of features described in the readTheDoc documentation.
23 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
32 - Same as Dublin 4.0.0
36 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
40 No major API change. The API Major version is still 4.
44 El Alto API version is 4.0.1 i.e. Patch only
49 :Release Date: 2019-05-30
51 New major version v4 for the API, see Upgrade Notes
53 Dedicated Postman collection can be found in the integration project see `test/postman <https://git.onap.org/integration/tree/test/postman?h=dublin>`_
55 All tests suites have been re written in Karate, see `src/test/resources/karatetest <https://git.onap.org/externalapi/nbi/tree/src/test/resources/karatetest?h=dublin>`_ for inspiration.
59 Main new features are supports of
61 - `BroadBand Service Use Case ( BBS ) <https://wiki.onap.org/pages/viewpage.action?pageId=45297636>`_
62 - `Cross Domain and Cross Layer VPN ( CCVPN ) <https://wiki.onap.org/display/DW/CCVPN%28Cross+Domain+and+Cross+Layer+VPN%29+USE+CASE>`_
64 Main functional changes for BBS:
66 - `EXTAPI-98 <https://jira.onap.org/browse/EXTAPI-98>`_ - Service inventory notification`
67 - `EXTAPI-161 <https://jira.onap.org/browse/EXTAPI-161>`_ - New service specificationInputSchemas operation`
69 Main functional change for CCVPN
71 - `EXTAPI-182 <https://jira.onap.org/browse/EXTAPI-182>`_ - Create SO -> ExtAPI interface`
73 Many other changes and improvement are listed in JIRA:
75 - `All Dublin issues <https://jira.onap.org/issues/?filter=11786>`_
79 - `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - Bad hostname while registering on MSB
80 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS
81 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
83 EXTAPI-249 has limited impact on BBS use case:
84 GET /serviceSpecification{id}
85 returns empty serviceSpecCharacteristic.
89 *Fixed Security Issues*
91 NBI has been improved to reduce signs of vulnerabilities,
92 especially by migrating from Springboot 1.x to Springboot 2 and using ONAP Parent pom.xml
94 *Known Security Issues*
96 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
97 NBI exposes non TLS API endpoint on port 30274, meaning full plain text exchange with NBI API.
98 TLS configuration, with ONAP Root CA signed certificate will be proposed in El Alto.
100 As a workaround it is quite easy to add HTTPS support to NBI by configuring SSL and activating strict https.
101 Presuming you have a valid JKS keystore, with private key and a signed certificate:
105 src/main/resources/application.properties
110 server.ssl.key-store-type=JKS
111 server.ssl.key-store=classpath:certificate/yourkeystore.jks
112 server.ssl.key-store-password=password
113 server.ssl.key-alias=youralias
115 # disable http and activate https
116 security.require-ssl=true
118 *Known Vulnerabilities in Used Modules*
120 - `Dublin Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=51282484>`_
124 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
128 API is a new MAJOR v4 version due to the deletion of the 'hasStarted' attribute from getServiceById response
131 So don't forget to use this new path:
139 **Deprecation Notes**
150 :Release Date: 2019-01-31
152 Part of Casablanca Maintenance Release tag - 3.0.1 January 31st, 2019
156 - `EXTAPI-164 <https://jira.onap.org/browse/EXTAPI-164>`_ - Start up failed without msb
157 - `EXTAPI-172 <https://jira.onap.org/browse/EXTAPI-172>`_ - Multiple service orders in a single request
159 Detail of features described in the readTheDoc documentation.
167 - `Casablanca Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45310585>`_
171 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
174 https://wiki.onap.org/pages/viewpage.action?pageId=51282484
181 :Release Date: 2018-11-30
187 - `EXTAPI-96 <https://jira.onap.org/browse/EXTAPI-96>`_ - Add notification for serviceOrder API
188 - `EXTAPI-97 <https://jira.onap.org/browse/EXTAPI-97>`_ - Upgrade ServiceOrder API to manage modification UC
189 - `EXTAPI-100 <https://jira.onap.org/browse/EXTAPI-100>`_ - Improve ServiceInventory API
190 - `EXTAPI-101 <https://jira.onap.org/browse/EXTAPI-101>`_ - Integrate ExtAPI/NBI to MSB
191 - `EXTAPI-102 <https://jira.onap.org/browse/EXTAPI-102>`_ - Integrate ExtAPI/NBI to an E2E ONAP UC
192 - `EXTAPI-116 <https://jira.onap.org/browse/EXTAPI-116>`_ - Help NBI user to get information when Service order fails
193 - `EXTAPI-125 <https://jira.onap.org/browse/EXTAPI-125>`_ - Add support for progress percentage on ServiceOrder tracking
195 Detail of features described in the readTheDoc documentation.
199 No new issue (see Beijing ones)
203 - `Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45301150>`_
207 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
211 No upgrade available from Beijing
213 **Deprecation Notes**
224 :Release Date: 2018-06-07
230 - `EXTAPI-39 <https://jira.onap.org/browse/EXTAPI-39>`_ - Retrieve SDC information (catalog information) for service level artifacts based on TMF633 open APIs - operation GET
231 - `EXTAPI-41 <https://jira.onap.org/browse/EXTAPI-41>`_ - Retrieve AAI information (inventory information) for service instance level artifacts based on TMF638 open APIs - operation GET
232 - `EXTAPI-42 <https://jira.onap.org/browse/EXTAPI-42>`_ - Create and retrieve SO service request for service level based on TMF641 open APIS - Operations POST & GET
234 Detail of features described in the readTheDoc documentation.
238 Not applicable - This is an initial release
244 - Find criteria are limited
246 For service inventory:
248 - Customer information must be passed to get complete service representation.
249 - Find criteria are limited.
253 - ServiceOrder will manage only ‘add’ and ‘delete’ operation (no change).
254 - Only service level request is performed.
255 - No request for VNF/VF and no call to SDNC.
256 - `EXTAPI-70 <https://jira.onap.org/browse/EXTAPI-70>`_ : links between customer/service instance and cloud/tenant not done (trigger VID issue).
257 - Only active service state is considered to add a service.
259 Detail of limitations described in the readTheDoc documentation.
263 External API code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The External API open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_.
264 Authentication management and Data Access rights have not been implemented.
268 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
269 - `Passing Badge information for External API <https://bestpractices.coreinfrastructure.org/en/projects/1771>`_
270 - `Project Vulnerability Review Table for External API <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_
274 Not applicable - This is an initial release
276 **Deprecation Notes**
278 Not applicable - This is an initial release