1 .. SPDX-License-Identifier: CC-BY-4.0
2 .. Copyright 2019 ORANGE
11 :Release Date: 2020-04-06
13 Frankfurt Release tag - 6.0.1
17 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
18 - `EXTAPI-347 <https://jira.onap.org/browse/EXTAPI-347>`_ - Move to mariadb galera instead of mariadb
19 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS with AAF artefacts
20 - `EXTAPI-294 <https://jira.onap.org/browse/EXTAPI-294>`_ - Add support for Service Orders using new "Object" type
21 - `EXTAPI-304 <https://jira.onap.org/browse/EXTAPI-304>`_ - Update SO request to use GR_API instead of VNF_API
22 - `EXTAPI-342 <https://jira.onap.org/browse/EXTAPI-342>`_ - NBI to SO: new URL and new Header params
23 - `EXTAPI-343 <https://jira.onap.org/browse/EXTAPI-343>`_ - NBI to SO: cloudowner value to be taken from application.properties
24 - `EXTAPI-258 <https://jira.onap.org/browse/EXTAPI-258>`_ - Identify whether the Service is of A-la-carte or macro type
25 - `EXTAPI-370 <https://jira.onap.org/browse/EXTAPI-370>`_ - Java 11 & oparent 3.0.0-SNAPSHOT
26 - `EXTAPI-378 <https://jira.onap.org/browse/EXTAPI-378>`_ - Update swagger based on spectral
27 - `EXTAPI-384 <https://jira.onap.org/browse/EXTAPI-384>`_ - SECCOM Java 11 migration from v8 [REQ-219] in NBI
28 - `EXTAPI-397 <https://jira.onap.org/browse/EXTAPI-397>`_ - Update Service Order Swagger to align to ONAP Style Guidelines
29 - `EXTAPI-399 <https://jira.onap.org/browse/EXTAPI-399>`_ - Fix Docker File Image to point to correct base and use 3.0.0 in pom
30 - `EXTAPI-400 <https://jira.onap.org/browse/EXTAPI-400>`_ - Migrate and Fix sonarcloud code coverage issue
31 - `EXTAPI-401 <https://jira.onap.org/browse/EXTAPI-401>`_ - remove sonar.jacoco.reportMissing.force.zero
32 - `EXTAPI-415 <https://jira.onap.org/browse/EXTAPI-415>`_ - Configure NBI with http xor https support, using basic spring capabilities
33 - `EXTAPI-417 <https://jira.onap.org/browse/EXTAPI-417>`_ - Support http local docker and https OOM via Env Variable
34 - `EXTAPI-423 <https://jira.onap.org/browse/EXTAPI-423>`_ - Check for CST template is case sensitive
35 - `EXTAPI-424 <https://jira.onap.org/browse/EXTAPI-424>`_ - Public HTTP port open
37 Detail of NBI features are described in the readTheDoc documentation.
39 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
48 In the Frankfurt release, External API has been updated to expose a https interface via OOM installations, in response to OJSI-136.
49 NBI has also upgraded to Java 11, using the base registry.gitlab.com/onap-integration/docker/onap-java image.
53 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
57 No major API changes. The API Major version is still 4.
61 Frankfurt API version is 4.1.0 i.e. Minor API changes only, as most changes are related to security updates. No new APIs.
62 Swagger changes are mainly in the use of additional markdown for API understanding and conformance to ONAP API Swagger Style Guidelines
63 https://wiki.onap.org/pages/viewpage.action?pageId=71834147
68 :Release Date: 2019-09-06
70 El Alto Release tag - 5.0.1
74 - `EXTAPI-248 <https://jira.onap.org/browse/EXTAPI-248>`_ - ExtAPI should not be polling SDC-DISTR-NOTIF-TOPIC-AUTO without authenticating
75 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
76 - `EXTAPI-287 <https://jira.onap.org/browse/EXTAPI-287>`_ - NBI to SDC connectivity health checks fail
77 - `EXTAPI-305 <https://jira.onap.org/browse/EXTAPI-305>`_ - No Need for "ReadWriteMany" access on storage when deploying on Kubernetes
79 Detail of features described in the readTheDoc documentation.
81 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
90 - Same as Dublin 4.0.0
94 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
98 No major API change. The API Major version is still 4.
102 El Alto API version is 4.0.1 i.e. Patch only
107 :Release Date: 2019-05-30
109 New major version v4 for the API, see Upgrade Notes
111 Dedicated Postman collection can be found in the integration project see `test/postman <https://git.onap.org/integration/tree/test/postman?h=dublin>`_
113 All tests suites have been re written in Karate, see `src/test/resources/karatetest <https://git.onap.org/externalapi/nbi/tree/src/test/resources/karatetest?h=dublin>`_ for inspiration.
117 Main new features are supports of
119 - `BroadBand Service Use Case ( BBS ) <https://wiki.onap.org/pages/viewpage.action?pageId=45297636>`_
120 - `Cross Domain and Cross Layer VPN ( CCVPN ) <https://wiki.onap.org/display/DW/CCVPN%28Cross+Domain+and+Cross+Layer+VPN%29+USE+CASE>`_
122 Main functional changes for BBS:
124 - `EXTAPI-98 <https://jira.onap.org/browse/EXTAPI-98>`_ - Service inventory notification`
125 - `EXTAPI-161 <https://jira.onap.org/browse/EXTAPI-161>`_ - New service specificationInputSchemas operation`
127 Main functional change for CCVPN
129 - `EXTAPI-182 <https://jira.onap.org/browse/EXTAPI-182>`_ - Create SO -> ExtAPI interface`
131 Many other changes and improvement are listed in JIRA:
133 - `All Dublin issues <https://jira.onap.org/issues/?filter=11786>`_
137 - `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - Bad hostname while registering on MSB
138 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS
139 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
141 EXTAPI-249 has limited impact on BBS use case:
142 GET /serviceSpecification{id}
143 returns empty serviceSpecCharacteristic.
147 *Fixed Security Issues*
149 NBI has been improved to reduce signs of vulnerabilities,
150 especially by migrating from Springboot 1.x to Springboot 2 and using ONAP Parent pom.xml
152 *Known Security Issues*
154 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
155 NBI exposes non TLS API endpoint on port 30274, meaning full plain text exchange with NBI API.
156 TLS configuration, with ONAP Root CA signed certificate will be proposed in El Alto.
158 As a workaround it is quite easy to add HTTPS support to NBI by configuring SSL and activating strict https.
159 Presuming you have a valid JKS keystore, with private key and a signed certificate:
163 src/main/resources/application.properties
168 server.ssl.key-store-type=JKS
169 server.ssl.key-store=classpath:certificate/yourkeystore.jks
170 server.ssl.key-store-password=password
171 server.ssl.key-alias=youralias
173 # disable http and activate https
174 security.require-ssl=true
176 *Known Vulnerabilities in Used Modules*
178 - `Dublin Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=51282484>`_
182 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
186 API is a new MAJOR v4 version due to the deletion of the 'hasStarted' attribute from getServiceById response
189 So don't forget to use this new path:
197 **Deprecation Notes**
208 :Release Date: 2019-01-31
210 Part of Casablanca Maintenance Release tag - 3.0.1 January 31st, 2019
214 - `EXTAPI-164 <https://jira.onap.org/browse/EXTAPI-164>`_ - Start up failed without msb
215 - `EXTAPI-172 <https://jira.onap.org/browse/EXTAPI-172>`_ - Multiple service orders in a single request
217 Detail of features described in the readTheDoc documentation.
225 - `Casablanca Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45310585>`_
229 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
232 https://wiki.onap.org/pages/viewpage.action?pageId=51282484
239 :Release Date: 2018-11-30
245 - `EXTAPI-96 <https://jira.onap.org/browse/EXTAPI-96>`_ - Add notification for serviceOrder API
246 - `EXTAPI-97 <https://jira.onap.org/browse/EXTAPI-97>`_ - Upgrade ServiceOrder API to manage modification UC
247 - `EXTAPI-100 <https://jira.onap.org/browse/EXTAPI-100>`_ - Improve ServiceInventory API
248 - `EXTAPI-101 <https://jira.onap.org/browse/EXTAPI-101>`_ - Integrate ExtAPI/NBI to MSB
249 - `EXTAPI-102 <https://jira.onap.org/browse/EXTAPI-102>`_ - Integrate ExtAPI/NBI to an E2E ONAP UC
250 - `EXTAPI-116 <https://jira.onap.org/browse/EXTAPI-116>`_ - Help NBI user to get information when Service order fails
251 - `EXTAPI-125 <https://jira.onap.org/browse/EXTAPI-125>`_ - Add support for progress percentage on ServiceOrder tracking
253 Detail of features described in the readTheDoc documentation.
257 No new issue (see Beijing ones)
261 - `Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45301150>`_
265 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
269 No upgrade available from Beijing
271 **Deprecation Notes**
282 :Release Date: 2018-06-07
288 - `EXTAPI-39 <https://jira.onap.org/browse/EXTAPI-39>`_ - Retrieve SDC information (catalog information) for service level artifacts based on TMF633 open APIs - operation GET
289 - `EXTAPI-41 <https://jira.onap.org/browse/EXTAPI-41>`_ - Retrieve AAI information (inventory information) for service instance level artifacts based on TMF638 open APIs - operation GET
290 - `EXTAPI-42 <https://jira.onap.org/browse/EXTAPI-42>`_ - Create and retrieve SO service request for service level based on TMF641 open APIS - Operations POST & GET
292 Detail of features described in the readTheDoc documentation.
296 Not applicable - This is an initial release
302 - Find criteria are limited
304 For service inventory:
306 - Customer information must be passed to get complete service representation.
307 - Find criteria are limited.
311 - ServiceOrder will manage only 'add' and 'delete' operation (no change).
312 - Only service level request is performed.
313 - No request for VNF/VF and no call to SDNC.
314 - `EXTAPI-70 <https://jira.onap.org/browse/EXTAPI-70>`_ : links between customer/service instance and cloud/tenant not done (trigger VID issue).
315 - Only active service state is considered to add a service.
317 Detail of limitations described in the readTheDoc documentation.
321 External API code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The External API open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_.
322 Authentication management and Data Access rights have not been implemented.
326 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
327 - `Passing Badge information for External API <https://bestpractices.coreinfrastructure.org/en/projects/1771>`_
328 - `Project Vulnerability Review Table for External API <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_
332 Not applicable - This is an initial release
334 **Deprecation Notes**
336 Not applicable - This is an initial release