1 .. SPDX-License-Identifier: CC-BY-4.0
2 .. Copyright 2019 ORANGE
11 :Release Date: 2021-03-19
13 Honolulu Release tag - 8.0.1
17 - `EXTAPI-535 <https://jira.onap.org/browse/EXTAPI-535>`_ - Error in NBI serviceSpecification API
19 Details of NBI features for Honolulu are described in the readTheDoc documentation.
21 https://docs.onap.org/projects/onap-externalapi-nbi/en/latest/index.html#master-index
29 External API pods security are as requested per TSC must have list
33 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
37 No major API changes. The API Major version is still 4.
43 :Release Date: 2020-11-16
45 Guilin Release tag - 7.0.2
49 - `EXTAPI-510 <https://jira.onap.org/browse/EXTAPI-510>`_ - 1 NBI pod has no limit
50 - `EXTAPI-509 <https://jira.onap.org/browse/EXTAPI-509>`_ - NBI has root pods
51 - `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - MSB registration
53 Details of NBI features for Guilin are described in the readTheDoc documentation.
55 https://docs.onap.org/projects/onap-externalapi-nbi/en/latest/index.html#master-index
63 Updates may to External API pods security are per TSC must have list
67 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
71 No major API changes. The API Major version is still 4.
77 :Release Date: 2020-06-04
79 Frankfurt Release tag - 6.0.3
83 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
84 - `EXTAPI-347 <https://jira.onap.org/browse/EXTAPI-347>`_ - Move to mariadb galera instead of mariadb
85 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS with AAF artefacts
86 - `EXTAPI-294 <https://jira.onap.org/browse/EXTAPI-294>`_ - Add support for Service Orders using new "Object" type
87 - `EXTAPI-304 <https://jira.onap.org/browse/EXTAPI-304>`_ - Update SO request to use GR_API instead of VNF_API
88 - `EXTAPI-342 <https://jira.onap.org/browse/EXTAPI-342>`_ - NBI to SO: new URL and new Header params
89 - `EXTAPI-343 <https://jira.onap.org/browse/EXTAPI-343>`_ - NBI to SO: cloudowner value to be taken from application.properties
90 - `EXTAPI-258 <https://jira.onap.org/browse/EXTAPI-258>`_ - Identify whether the Service is of A-la-carte or macro type
91 - `EXTAPI-370 <https://jira.onap.org/browse/EXTAPI-370>`_ - Java 11 & oparent 3.0.0-SNAPSHOT
92 - `EXTAPI-378 <https://jira.onap.org/browse/EXTAPI-378>`_ - Update swagger based on spectral
93 - `EXTAPI-384 <https://jira.onap.org/browse/EXTAPI-384>`_ - SECCOM Java 11 migration from v8 [REQ-219] in NBI
94 - `EXTAPI-397 <https://jira.onap.org/browse/EXTAPI-397>`_ - Update Service Order Swagger to align to ONAP Style Guidelines
95 - `EXTAPI-399 <https://jira.onap.org/browse/EXTAPI-399>`_ - Fix Docker File Image to point to correct base and use 3.0.0 in pom
96 - `EXTAPI-400 <https://jira.onap.org/browse/EXTAPI-400>`_ - Migrate and Fix sonarcloud code coverage issue
97 - `EXTAPI-401 <https://jira.onap.org/browse/EXTAPI-401>`_ - remove sonar.jacoco.reportMissing.force.zero
98 - `EXTAPI-415 <https://jira.onap.org/browse/EXTAPI-415>`_ - Configure NBI with http xor https support, using basic spring capabilities
99 - `EXTAPI-417 <https://jira.onap.org/browse/EXTAPI-417>`_ - Support http local docker and https OOM via Env Variable
100 - `EXTAPI-423 <https://jira.onap.org/browse/EXTAPI-423>`_ - Check for CST template is case sensitive
101 - `EXTAPI-424 <https://jira.onap.org/browse/EXTAPI-424>`_ - Public HTTP port open
102 - `EXTAPI-427 <https://jira.onap.org/browse/EXTAPI-427>`_ - DMaap https port enable
104 Detail of NBI features are described in the readTheDoc documentation.
106 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
115 In the Frankfurt release, External API has been updated to expose a https interface via OOM installations, in response to OJSI-136.
116 NBI has also upgraded to Java 11, using the base registry.gitlab.com/onap-integration/docker/onap-java image.
120 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
124 No major API changes. The API Major version is still 4.
128 Frankfurt API version is 4.1.0 i.e. Minor API changes only, as most changes are related to security updates. No new APIs.
129 Swagger changes are mainly in the use of additional markdown for API understanding and conformance to ONAP API Swagger Style Guidelines
130 https://wiki.onap.org/pages/viewpage.action?pageId=71834147
135 :Release Date: 2019-09-06
137 El Alto Release tag - 5.0.1
141 - `EXTAPI-248 <https://jira.onap.org/browse/EXTAPI-248>`_ - ExtAPI should not be polling SDC-DISTR-NOTIF-TOPIC-AUTO without authenticating
142 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
143 - `EXTAPI-287 <https://jira.onap.org/browse/EXTAPI-287>`_ - NBI to SDC connectivity health checks fail
144 - `EXTAPI-305 <https://jira.onap.org/browse/EXTAPI-305>`_ - No Need for "ReadWriteMany" access on storage when deploying on Kubernetes
146 Detail of features described in the readTheDoc documentation.
148 https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/index.html
157 - Same as Dublin 4.0.0
161 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
165 No major API change. The API Major version is still 4.
169 El Alto API version is 4.0.1 i.e. Patch only
174 :Release Date: 2019-05-30
176 New major version v4 for the API, see Upgrade Notes
178 Dedicated Postman collection can be found in the integration project see `test/postman <https://git.onap.org/integration/tree/test/postman?h=dublin>`_
180 All tests suites have been re written in Karate, see `src/test/resources/karatetest <https://git.onap.org/externalapi/nbi/tree/src/test/resources/karatetest?h=dublin>`_ for inspiration.
184 Main new features are supports of
186 - `BroadBand Service Use Case ( BBS ) <https://wiki.onap.org/pages/viewpage.action?pageId=45297636>`_
187 - `Cross Domain and Cross Layer VPN ( CCVPN ) <https://wiki.onap.org/display/DW/CCVPN%28Cross+Domain+and+Cross+Layer+VPN%29+USE+CASE>`_
189 Main functional changes for BBS:
191 - `EXTAPI-98 <https://jira.onap.org/browse/EXTAPI-98>`_ - Service inventory notification`
192 - `EXTAPI-161 <https://jira.onap.org/browse/EXTAPI-161>`_ - New service specificationInputSchemas operation`
194 Main functional change for CCVPN
196 - `EXTAPI-182 <https://jira.onap.org/browse/EXTAPI-182>`_ - Create SO -> ExtAPI interface`
198 Many other changes and improvement are listed in JIRA:
200 - `All Dublin issues <https://jira.onap.org/issues/?filter=11786>`_
204 - `EXTAPI-197 <https://jira.onap.org/browse/EXTAPI-197>`_ - Bad hostname while registering on MSB
205 - `EXTAPI-222 <https://jira.onap.org/browse/EXTAPI-222>`_ - Add support for HTTPS
206 - `EXTAPI-249 <https://jira.onap.org/browse/EXTAPI-249>`_ - Change to oom dockers causing permissions failing when tosca parsing
208 EXTAPI-249 has limited impact on BBS use case:
209 GET /serviceSpecification{id}
210 returns empty serviceSpecCharacteristic.
214 *Fixed Security Issues*
216 NBI has been improved to reduce signs of vulnerabilities,
217 especially by migrating from Springboot 1.x to Springboot 2 and using ONAP Parent pom.xml
219 *Known Security Issues*
221 - `OJSI-136 <https://jira.onap.org/browse/OJSI-136>`_ - In default deployment EXTAPI (nbi) exposes HTTP port 30274 outside of cluster.
222 NBI exposes non TLS API endpoint on port 30274, meaning full plain text exchange with NBI API.
223 TLS configuration, with ONAP Root CA signed certificate will be proposed in El Alto.
225 As a workaround it is quite easy to add HTTPS support to NBI by configuring SSL and activating strict https.
226 Presuming you have a valid JKS keystore, with private key and a signed certificate:
230 src/main/resources/application.properties
235 server.ssl.key-store-type=JKS
236 server.ssl.key-store=classpath:certificate/yourkeystore.jks
237 server.ssl.key-store-password=password
238 server.ssl.key-alias=youralias
240 # disable http and activate https
241 security.require-ssl=true
243 *Known Vulnerabilities in Used Modules*
245 - `Dublin Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=51282484>`_
249 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
253 API is a new MAJOR v4 version due to the deletion of the 'hasStarted' attribute from getServiceById response
256 So don't forget to use this new path:
264 **Deprecation Notes**
275 :Release Date: 2019-01-31
277 Part of Casablanca Maintenance Release tag - 3.0.1 January 31st, 2019
281 - `EXTAPI-164 <https://jira.onap.org/browse/EXTAPI-164>`_ - Start up failed without msb
282 - `EXTAPI-172 <https://jira.onap.org/browse/EXTAPI-172>`_ - Multiple service orders in a single request
284 Detail of features described in the readTheDoc documentation.
292 - `Casablanca Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45310585>`_
296 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
299 https://wiki.onap.org/pages/viewpage.action?pageId=51282484
306 :Release Date: 2018-11-30
312 - `EXTAPI-96 <https://jira.onap.org/browse/EXTAPI-96>`_ - Add notification for serviceOrder API
313 - `EXTAPI-97 <https://jira.onap.org/browse/EXTAPI-97>`_ - Upgrade ServiceOrder API to manage modification UC
314 - `EXTAPI-100 <https://jira.onap.org/browse/EXTAPI-100>`_ - Improve ServiceInventory API
315 - `EXTAPI-101 <https://jira.onap.org/browse/EXTAPI-101>`_ - Integrate ExtAPI/NBI to MSB
316 - `EXTAPI-102 <https://jira.onap.org/browse/EXTAPI-102>`_ - Integrate ExtAPI/NBI to an E2E ONAP UC
317 - `EXTAPI-116 <https://jira.onap.org/browse/EXTAPI-116>`_ - Help NBI user to get information when Service order fails
318 - `EXTAPI-125 <https://jira.onap.org/browse/EXTAPI-125>`_ - Add support for progress percentage on ServiceOrder tracking
320 Detail of features described in the readTheDoc documentation.
324 No new issue (see Beijing ones)
328 - `Vulnerability Report <https://wiki.onap.org/pages/viewpage.action?pageId=45301150>`_
332 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
336 No upgrade available from Beijing
338 **Deprecation Notes**
349 :Release Date: 2018-06-07
355 - `EXTAPI-39 <https://jira.onap.org/browse/EXTAPI-39>`_ - Retrieve SDC information (catalog information) for service level artifacts based on TMF633 open APIs - operation GET
356 - `EXTAPI-41 <https://jira.onap.org/browse/EXTAPI-41>`_ - Retrieve AAI information (inventory information) for service instance level artifacts based on TMF638 open APIs - operation GET
357 - `EXTAPI-42 <https://jira.onap.org/browse/EXTAPI-42>`_ - Create and retrieve SO service request for service level based on TMF641 open APIS - Operations POST & GET
359 Detail of features described in the readTheDoc documentation.
363 Not applicable - This is an initial release
369 - Find criteria are limited
371 For service inventory:
373 - Customer information must be passed to get complete service representation.
374 - Find criteria are limited.
378 - ServiceOrder will manage only 'add' and 'delete' operation (no change).
379 - Only service level request is performed.
380 - No request for VNF/VF and no call to SDNC.
381 - `EXTAPI-70 <https://jira.onap.org/browse/EXTAPI-70>`_ : links between customer/service instance and cloud/tenant not done (trigger VID issue).
382 - Only active service state is considered to add a service.
384 Detail of limitations described in the readTheDoc documentation.
388 External API code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The External API open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_.
389 Authentication management and Data Access rights have not been implemented.
393 - `External API project page <https://wiki.onap.org/display/DW/External+API+Framework+Project>`_
394 - `Passing Badge information for External API <https://bestpractices.coreinfrastructure.org/en/projects/1771>`_
395 - `Project Vulnerability Review Table for External API <https://wiki.onap.org/pages/viewpage.action?pageId=28382906>`_
399 Not applicable - This is an initial release
401 **Deprecation Notes**
403 Not applicable - This is an initial release