From ae30918d9233f44758fd3d9eb01bbc967d33af5c Mon Sep 17 00:00:00 2001 From: "Bozawglanian, Hagop (hb755d)" Date: Thu, 4 Oct 2018 17:54:40 +0000 Subject: VNFRQTS - Fixing Traceability matrix Issue-ID: VNFRQTS-449 Change-Id: I0965679731bcf569ce8fb9b7f351a41a7a5e8738 Signed-off-by: Bozawglanian, Hagop (hb755d) --- docs/Chapter2.rst | 2 +- docs/traceability.csv | 3257 +++---------------------------------------------- 2 files changed, 182 insertions(+), 3077 deletions(-) diff --git a/docs/Chapter2.rst b/docs/Chapter2.rst index eea9c0f..58728ab 100644 --- a/docs/Chapter2.rst +++ b/docs/Chapter2.rst @@ -24,7 +24,7 @@ List of VNF Requirements and corresponding Information Elements You can download the table :download:`here` -Included here is a table of VNF Requirements that are mainly referring to +Included here is a table of VNF Requirements that are mainly referring to the testability of VNF Package requirements. It includes TOSCA or CSAR artifact information as well as how it is testable (VNFSDK/VVP/SDC). These requirements are mainly from :doc:`Chapter 5 <../../../../vnfrqts/requirements.git/docs/Chapter5/index>` diff --git a/docs/traceability.csv b/docs/traceability.csv index 4eac153..ead975d 100755 --- a/docs/traceability.csv +++ b/docs/traceability.csv @@ -1,3076 +1,181 @@ -Requirement ID,Requirement,Section,Test Module,Test Name -R-71842,"The VNF **MUST** include the field ""service or program used for -access"" in the Security alarms (where applicable and technically feasible).",VNF Security Analytics Requirements,, -R-86235,"The xNF Package **MUST** include documentation about the monitoring -parameters that must include latencies, success rates, retry rates, load -and quality (e.g., DPM) for the key transactions/functions supported by -the xNF and those that must be exercised by the xNF in order to perform -its function.",Resource Control Loop,, -R-06613,"A VNF's Heat Orchestration Template's parameter defined -in a non-nested YAML file as type -``boolean`` **MAY** have a parameter constraint defined.",constraints,, -R-31614,"The VNF **MUST** log the field ""event type"" in the security audit -logs.",VNF Security Analytics Requirements,, -R-63956,"If the VNF's ports connected to a unique external network -and the port's IP addresses are ONAP SDN-C assigned IP Addresses, -the IPv4 Addresses **MAY** be from different subnets and the IPv6 -Addresses **MAY** be from different subnets.",Items to Note,, -R-36772,"A VNF's Heat Orchestration Template's parameter **MUST** include the -attribute ``type:``.",type,tests.test_heat_template_parameters_contain_required_fields,test_heat_template_parameters_contain_required_fields -R-85959,"The VNF **SHOULD** automatically enable/disable added/removed -sub-components or component so there is no manual intervention required.",System Resource Optimization,, -R-65641,The xNF **MUST** support ONAP Controller's **UpgradeBackOut** command.,LifeCycle Management Related Commands,, -R-08312,"The xNF **MAY** use another option which is expected to include REST -delivery of binary encoded data sets.",Addressing and Delivery Protocol,, -R-54430,"The VNF **MUST** use the NCSP's supported library and compute -flavor that supports DPDK to optimize network efficiency if using DPDK. [#4.1.1]_",VNF Design,, -R-25720,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Net`` -Resource ID **MUST** use the naming convention - -* ``int_{network-role}_network`` - -VNF Heat Orchestration Templates can only create internal networks. -There is no ``{index}`` after ``{network-role}`` because ``{network-role}`` -**MUST** be unique in the scope of the VNF's -Heat Orchestration Template.",OS::Neutron::Net,, -R-10129,"The xNF **SHOULD** conform its YANG model to RFC 7223, -""A YANG Data Model for Interface Management"".",NETCONF Server Requirements,, -R-03251,"A VNF's Heat Orchestration Template's Resource OS::Heat::CinderVolume -**MAY** be defined in a Cinder Volume Module.",ONAP VNF Modularity Overview,, -R-83873,"The xNF **MUST** support **:rollback-on-error** value for -the parameter to the operation. If any -error occurs during the requested edit operation, then the target -database (usually the running configuration) will be left unaffected. -This provides an 'all-or-nothing' edit mode for a single -request.",NETCONF Server Requirements,, -R-15671,"The VNF **MUST** provide access controls that allow the Operator -to restrict access to VNF functions and data to authorized entities.",VNF Identity and Access Management Requirements,, -R-89800,"The VNF **MUST NOT** require Hypervisor-level customization -from the cloud provider.",VNF Devops,, -R-34957,"The VNF **MUST** provide a method of metrics gathering for each -layer's performance to identify/document variances in the allocations so -they can be addressed.",Monitoring & Dashboard,, -R-73583,"The VNF **MUST** allow changes of configuration parameters -to be consumed by the VNF without requiring the VNF or its sub-components -to be bounced so that the VNF availability is not effected.",Application Configuration Management,, -R-24359,"The VNF **MUST** provide the capability of testing the validity -of a digital certificate by validating the date the certificate is being -used is within the validity period for the certificate.",VNF Cryptography Requirements,, -R-34552,"The VNF **MUST** be implemented so that it is not vulnerable to OWASP -Top 10 web application security risks.",VNF Security Analytics Requirements,, -R-98569,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_int_{network-role}_v6_ips`` -**MUST** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-59391,"The VNF MUST NOT not allow the assumption of the permissions of -another account to mask individual accountability.",VNF Identity and Access Management Requirements,, -R-96983,"A VNF's Heat Orchestration Template's Resource ID that is associated -with an internal network **MUST** include ``int_{network-role}`` as part -of the Resource ID, where ``int_`` is a hard coded string.",{network-role},tests.test_port_resource_ids,test_port_resource_ids -R-40551,"A VNF's Heat Orchestration Template's Nested YAML files **MAY** -(or **MAY NOT**) contain the section ``resources:``.",resources,, -R-73213,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::SecurityGroup`` that -is applicable to more than one ``{vm-type}`` and one internal network Resource ID -**SHOULD** use the naming convention - -* ``int_{network-role}_security_group`` - -where - -* ``{network-role}`` is the network-role",OS::Neutron::SecurityGroup,, -R-00977,"A VNF's Heat Orchestration Template's ``{network-role}`` -**MUST NOT** be a substring of ``{vm-type}``.",{network-role},tests.test_nova_servers_vm_types,test_vm_type_network_role_collision -R-29751,"A VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` Resource ID -**MUST** use the naming convention - -* ``{vm-type}_server_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{index}`` is the index",OS::Nova::Server,, -R-02651,"The xNF **SHOULD** use the Ansible backup feature to save a -copy of configuration files before implementing changes to support -operations such as backing out of software upgrades, configuration -changes or other work as this will help backing out of configuration -changes when needed.",Ansible Playbook Requirements,, -R-86476,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vm_role`` value **MUST** -only contain alphanumeric characters and underscores '_'.",vm_role,, -R-42685,"A VNF's Heat Orchestration template's Environment File's -**MAY** contain the ``parameter_merge_strategies:`` section.",Environment File Format,, -R-23311,"The VNF's Heat Orchestration Template's Resource -``OS::Nova::Server`` property -``availability_zone`` parameter **MUST** be declared as type: ``string``.",Property: availability_zone,, -R-40827,"The xNF provider **MUST** enumerate all of the open -source licenses their xNF(s) incorporate.",Licensing Requirements,, -R-54458,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::VirtualMachineInterface`` that is attaching to a sub-interface -network Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_subint_{network-role}_vmi_{vmi_index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port (i.e. virtual machine interface) is attached to -* ``{vmi_index}`` is the instance of the the vmi on the vm-type - attached to the network of ``{network-role}``",OS::ContrailV2::VirtualMachineInterface,, -R-56793,"The VNF **MUST** test for adherence to the defined performance -budgets at each layer, during each delivery cycle with delivered -results, so that the performance budget is measured and the code -is adjusted to meet performance budget.",Deployment Optimization,, -R-22838,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``name`` parameter **MUST NOT** be enumerated in the Heat Orchestration -Template's Environment File.",Property: Name,tests.test_environment_file_parameters,test_nova_server_name_parameter_doesnt_exist_in_environment_file -R-96482,"When a VNF's Heat Orchestration Template's resource is associated -with a single external network, the Resource ID **MUST** contain the text -'{network-role}'.",Resource IDs,, -R-88031,"The xNF **SHOULD** implement the protocol operation: -**delete-config(target) -** Delete the named configuration -datastore target.",NETCONF Server Requirements,, -R-71787,"Each layer of the VNF **MUST** support access restriction -independently of all other layers so that Segregation of Duties -can be implemented.",VNF Identity and Access Management Requirements,, -R-81979,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::NetworkIpam`` -Resource ID **MAY** use the naming convention - -* ``{network-role}_RNI`` - -where - -* ``{network-role}`` is the network-role -* ``RNI`` signifies that it is the Resource Network IPAM",OS::ContrailV2::NetworkIpam,, -R-61001,"A shared Heat Orchestration Template resource must be defined -in the base module. A shared resource is a resource that that will -be referenced by another resource that is defined in the Base Module -and/or one or more incremental modules. When the shared resource needs -to be referenced by a resource in an incremental module, the UUID of -the shared resource **MUST** be exposed by declaring an ONAP Base -Module Output Parameter.",ONAP Heat VNF Modularity,, -R-56183,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``environment_context`` **MUST NOT** -have parameter constraints defined.",environment_context,, -R-33132,"A VNF's Heat Orchestration Template **MAY** be - 1.) Base Module Heat Orchestration Template (also referred to as a - Base Module), - 2.) Incremental Module Heat Orchestration Template (referred to as - an Incremental Module), or - 3.) a Cinder Volume Module Heat Orchestration Template (referred to as - Cinder Volume Module).",ONAP VNF Modularity Overview,, -R-30005,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::SecurityGroup`` that -is applicable to more than one ``{vm-type}`` and more than one network -(internal and/or external) Resource ID **MAY** -use the naming convention - -* ``shared_security_group`` - -or - -* ``{vnf-type}_security_group`` - -where - -* ``{vnf-type}`` describes the VNF",OS::Neutron::SecurityGroup,, -R-65755,"The xNF **SHOULD** support callback URLs to return information -to ONAP upon completion of the chef-client run for any chef-client run -associated with a xNF action. - -- As part of the push job, ONAP will provide two parameters in the - environment of the push job JSON object: - - - ""RequestId"" a unique Id to be used to identify the request, - - ""CallbackUrl"", the URL to post response back. - -- If the CallbackUrl field is empty or missing in the push job, then - the chef-client run need not post the results back via callback.",Chef Roles/Requirements,, -R-65618,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::ServiceHealthCheck`` Resource ID **MAY** use the naming convention - -* ``{vm-type}_RSHC_{LEFT|RIGHT}`` - -where - -* ``{vm-type}`` is the vm-type -* ``RSHC`` signifies that it is the Resource Service Health Check -* ``LEFT`` is used if the Service Health Check is on the left interface -* ``RIGHT`` is used if the Service Health Check is on the right interface",OS::ContrailV2::ServiceHealthCheck,, -R-22346,The VNF package MUST provide `VES Event Registration `_ for all VES events provided by that xNF.,Resource Description,, -R-11441,"A VNF's Heat Orchestration Template's parameter type **MUST** be one of -the following values: - -* ``string`` -* ``number`` -* ``json`` -* ``comma_delimited_list`` -* ``boolean``",type,tests.test_heat_template_structure,test_parameter_type -R-39604,"The VNF **MUST** provide the capability of testing the -validity of a digital certificate by checking the Certificate Revocation -List (CRL) for the certificates of that type to ensure that the -certificate has not been revoked.",VNF Cryptography Requirements,, -R-32217,"The xNF **MUST** have routable FQDNs that are reachable via -the Ansible Server for the endpoints (VMs) of a xNF on which playbooks -will be executed. ONAP will initiate requests to the Ansible Server -for invocation of playbooks against these end points [#7.3.3]_.",Ansible Client Requirements,, -R-20204,"The VNF Package **MUST** include VM requirements via a Heat -template that provides the necessary data for network connections, -interface connections, internal and external to VNF.","Compute, Network, and Storage Requirements",, -R-78010,"The VNF **MUST** use the NCSP's IDAM API for Identification, -authentication and access control of customer or VNF application users.",VNF General Security Requirements,, -R-40293,"The xNF **MUST** make available playbooks that conform -to the ONAP requirement.",Ansible Playbook Requirements,, -R-01455,"When a VNF's Heat Orchestration Template creates a Virtual Machine -(i.e., ``OS::Nova::Server``), -each ""class"" of VMs **MUST** be assigned a VNF unique -``{vm-type}``; where ""class"" defines VMs that -**MUST** have the following identical characteristics: - - 1.) ``OS::Nova::Server`` resource property ``flavor`` value - - 2.) ``OS::Nova::Server`` resource property ``image`` value - - 3.) Cinder Volume attachments - - - Each VM in the ""class"" **MUST** have the identical Cinder Volume - configuration - - 4.) Network attachments and IP address requirements - - - Each VM in the ""class"" **MUST** have the the identical number of - ports connecting to the identical networks and requiring the identical - IP address configuration.",{vm-type},, -R-23957,"The VNF **MUST** include the field ""time"" in the Security alarms -(where applicable and technically feasible).",VNF Security Analytics Requirements,, -R-07577,"If the VNF's ports connected to a unique network (internal or external) -and the port's IP addresses are Cloud Assigned IP Addresses, -all the IPv4 Addresses **MUST** be from -the same subnet and all the IPv6 Addresses **MUST** be from the -same subnet.",Items to Note,, -R-99812,"A value for VNF's Heat Orchestration Template's property ``name`` -for a non ``OS::Nova::Server`` resource **MUST NOT** be declared -in the VNF's Heat Orchestration Template's Environment File.",Resource Property “name”,tests.test_environment_file_parameters,test_non_nova_server_name_parameter_doesnt_exist_in_environment_file -R-18008,"The VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -property ``network`` parameter **MUST** be declared as type: ``string``.",Property: network,, -R-40899,"When the VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property ``name`` parameter is defined as a ``string``, a parameter -**MUST** be delcared for -each ``OS::Nova::Server`` resource associated with the ``{vm-type}``.",Property: Name,tests.test_unique_name_resources,test_unique_name_resources -R-74304,"A VNF's Heat Orchestration Template's Environment file extension **MUST** -be in the lower case format ``.env``.",ONAP Heat Orchestration Template Filenames,tests.test_heat_pairs_provided,test_heat_pairs_provided -R-18001,"If the VNF's ports connected to a unique internal network -and the port's IP addresses are statically assigned IP Addresses, -the IPv4 Addresses **MAY** be from different subnets and the -IPv6 Addresses **MAY** be from different subnets.",Items to Note,, -R-20319,"A VNF's Heat Orchestration Template's Resource ``OS::Heat::CloudConfig`` -Resource ID **MAY** use the naming convention - -* ``{vm-type}_RCC`` - -where - -* ``{vm-type}`` is the vm-type -* ``RCC`` signifies that it is the Resource Cloud Config",OS::Heat::CloudConfig,, -R-03324,"A VNF's Heat Orchestration template's Environment File **MUST** -contain the ``parameters:`` section.",Environment File Format,tests.test_environment_file_structure,test_environment_file_contains_required_sections -R-50011,"A VNF's Heat Orchestration Template's ``OS::Heat::ResourceGroup`` -property ``count`` **MUST** be enumerated in the VNF's -Heat Orchestration Template's Environment File and **MUST** be -assigned a value.",OS::Heat::ResourceGroup Property count,tests.test_environment_file_parameters,test_heat_rg_count_parameter_exists_in_environment_file -R-04982,"The VNF **MUST NOT** include an authentication credential, -e.g., password, in the security audit logs, even if encrypted.",VNF Security Analytics Requirements,, -R-83500,"The VNF **MUST** provide the capability of allowing certificate -renewal and revocation.",VNF Cryptography Requirements,, -R-05201,"When a VNF connects to two or more external networks, each external -network **MUST** be assigned a unique ``{network-role}`` -in the context of the VNF for use in the VNF's Heat Orchestration -Template.",External Networks,tests.test_port_resource_ids,test_port_resource_ids -R-28756,"The xNF **MUST** support **:partial-lock** and -**:partial-unlock** capabilities, defined in RFC 5717. This -allows multiple independent clients to each write to a different -part of the configuration at the same time.",NETCONF Server Requirements,, -R-86182,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an internal network (per the -ONAP definition, see Requirements R-52425 and R-46461), -and the internal network is created in a -different Heat Orchestration Template than the ``OS::Neutron::Port``, -the ``network`` parameter name **MUST** - - * follow the naming convention ``int_{network-role}_net_id`` if the Neutron - network UUID value is used to reference the network - * follow the naming convention ``int_{network-role}_net_name`` if the - OpenStack network name in is used to reference the network. - -where ``{network-role}`` is the network-role of the internal network and -a ``get_param`` **MUST** be used as the intrinsic function.",Property: network,tests.test_network_format,test_network_format -R-41430,The xNF **MUST** support ONAP Controller's **HealthCheck** command.,HealthCheck and Failure Related Commands,, -R-08975,"A VNF's Heat Orchestration Template's Resource ``OS::Heat::SoftwareConfig`` -Resource ID **MUST** contain the ``{vm-type}``.",OS::Heat::SoftwareConfig,, -R-68122,"A VNF's incremental module **MAY** be deployed more than once, -either during initial VNF deployment and/or scale out.",ONAP VNF Modularity Overview,, -R-55345,"The VNF **SHOULD** use techniques such as ""lazy loading"" when -initialization includes loading catalogues and/or lists which can grow -over time, so that the VNF startup time does not grow at a rate -proportional to that of the list.",System Resource Optimization,, -R-20065,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::PortTuple`` -Resource ID **MUST** contain the ``{vm-type}``.",OS::ContrailV2::PortTuple,, -R-79224,"The xNF **MUST** have the chef-client be preloaded with -validator keys and configuration to register with the designated -Chef Server as part of the installation process.",Chef Client Requirements,, -R-11200,"A VNF's Cinder Volume Module, when it exists, **MUST** be 1:1 -with a Base module or Incremental module.",ONAP VNF Modularity Overview,tests.test_volume_outputs_consumed,test_volume_outputs_consumed -R-11168,"A VNF's Heat Orchestration Template's Resource ID that is associated with -an external network **MUST** include the ``{network-role}`` as part -of the resource ID.",{network-role},tests.test_port_resource_ids,test_port_resource_ids -R-86497,"A VNF's Heat Orchestration Template's Resource -``OS::Cinder::VolumeAttachment`` -Resource ID -**SHOULD** -use the naming convention - -* ``{vm-type}_volume_attachment_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{index}`` starts at zero and increments by one",OS::Cinder::VolumeAttachment,, -R-69649,"The VNF Provider **MUST** have patches available for vulnerabilities -in the VNF as soon as possible. Patching shall be controlled via change -control process with vulnerabilities disclosed along with -mitigation recommendations.",VNF General Security Requirements,, -R-27818,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an internal network (per the -ONAP definition, see RRequirements R-52425 and R-46461), -and an IPv6 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a -``string``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_int_{network-role}_v6_ip_{index}`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - ``OS::Nova::Server`` - * ``{network-role}`` is the {network-role} of the internal - network - * the value for ``{index}`` must start at zero (0) and increment by one","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-70496,"The xNF **MUST** implement the protocol operation: -**commit(confirmed, confirm-timeout)** - Commit candidate -configuration datastore to the running configuration.",NETCONF Server Requirements,, -R-45602,"If a VNF's Port is attached to a network (internal or external) -and the port's IP addresses are cloud assigned by OpenStack's DHCP -Service, the ``OS::Neutron::Port`` Resource's - -* property ``fixed_ips`` map property ``ip_address`` **MUST NOT** be used -* property ``fixed_ips`` map property ``subnet``/``subnet_id`` - **MAY** be used",Items to Note,, -R-35960,"The xNF Package **MUST** include documentation which must include -all events, severity level (e.g., informational, warning, error) and -descriptions including causes/fixes if applicable for the event.",Resource Control Loop,, -R-88899,"The xNF **MUST** support simultaneous operations -within the context of this locking requirements framework.",NETCONF Server Requirements,, -R-41994,"The VNF **MUST**, if not using the NCSP's IDAM API, comply -with ""No Self-Signed Certificates"" policy. Self-signed certificates -must be used for encryption only, using specified and approved -encryption protocols such as TLS 1.2 or higher or equivalent security -protocols such as IPSec, AES.",VNF General Security Requirements,, -R-00228,"A VNF's Heat Orchestration Template **MAY** -reference the nested heat statically by repeated definition.",Nested Heat Template Requirements,, -R-01334,"The xNF **MUST** conform to the NETCONF RFC 5717, -""Partial Lock Remote Procedure Call"".",NETCONF Server Requirements,, -R-01896,"A VNF's Heat Orchestration Template's parameter values that are constant -across all deployments **MUST** be declared in a Heat Orchestration -Template Environment File.",Scope of a Heat Orchestration Template,tests.test_no_unused_parameters_between_env_and_templates,test_no_unused_parameters_between_env_and_templates -R-44271,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``name`` parameter value **SHOULD NOT** contain special characters -since the Contrail GUI has a limitation displaying special characters. - -However, if special characters must be used, the only special characters -supported are: --- \"" ! $ ' (\ \ ) = ~ ^ | @ ` { } [ ] > , . _",Contrail Issue with Values for OS::Nova::Server Property Name,, -R-26351,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -that is attaching to an internal network Resource ID **MUST** -use the naming convention - -* ``{vm-type}_{vm-type_index}_int_{network-role}_port_{port-index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{port-index}`` is the instance of the the port on the vm-type - attached to the network of ``{network-role}``",OS::Neutron::Port,tests.test_port_resource_ids,test_port_resource_ids -R-49466,The xNF **MUST** support ONAP Controller's **UpgradeSoftware** command.,LifeCycle Management Related Commands,, -R-49396,"The xNF **MUST** support each ONAP (APPC) xNF action -by invocation of **one** playbook [#7.3.4]_. The playbook will be responsible -for executing all necessary tasks (as well as calling other playbooks) -to complete the request.",Ansible Playbook Requirements,, -R-82134,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_id`` **MUST** -be declared as type: ``string``.",vf_module_id,, -R-20947,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::InstanceIp`` -that is configuring an IPv4 Address on a sub-interface port attached to a -sub-interface network Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_subint_{network-role}_vmi_{vmi_index}_IP_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{vmi_index}`` is the instance of the the virtual machine interface - (e.g., port) on the vm-type - attached to the network of ``{network-role}`` -* ``IP`` signifies that an IPv4 address is being configured -* ``{index}`` is the index of the IPv4 address",OS::ContrailV2::InstanceIp,, -R-58964,"The VNF **MUST** provide the capability to restrict read -and write access to data handled by the VNF.",VNF Data Protection Requirements,, -R-26567,"The xNF Package **MUST** include a run list of -roles/cookbooks/recipes, for each supported xNF action, that will -perform the desired xNF action in its entirety as specified by ONAP -(see Section 7.c, ONAP Controller APIs and Behavior, for list of xNF -actions and requirements), when triggered by a chef-client run list -in JSON file.",Chef Roles/Requirements,, -R-18733,"The xNF **MUST** implement the protocol operation: -**discard-changes()** - Revert the candidate configuration -datastore to the running configuration.",NETCONF Server Requirements,, -R-98138,"When a VNF's Heat Orchestration Template's resource is associated with a -single internal network, the Resource ID **MUST** contain the text -``int_{network-role}``.",Resource IDs,, -R-31809,"The xNF **MUST** support the HealthCheck RPC. The HealthCheck -RPC executes a xNF Provider-defined xNF HealthCheck over the scope of -the entire xNF (e.g., if there are multiple VNFCs, then run a health check, -as appropriate, for all VNFCs). It returns a 200 OK if the test completes. -A JSON object is returned indicating state (healthy, unhealthy), scope -identifier, time-stamp and one or more blocks containing info and fault -information. If the xNF is unable to run the HealthCheck, return a -standard http error code and message.",REST APIs,, -R-29977,"The VNF **MUST** provide the capability of testing the validity -of a digital certificate by validating the CA signature on the certificate.",VNF Cryptography Requirements,, -R-55306,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_index`` **MUST NOT** -be used in a -VNF's Volume Template; it is not supported.",vf_module_index,, -R-29872,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property ``network`` -parameter **MUST NOT** be enumerated in the Heat Orchestration -Template's Environment File.",Property: network,tests.test_environment_file_parameters,test_nova_server_network_parameter_doesnt_exist_in_environment_file -R-63137,"VNF's Heat Orchestration Template's Resource **MAY** declare the -attribute ``update_policy:``.",update_policy,, -R-02616,"The xNF **MUST** permit locking at the finest granularity -if a xNF needs to lock an object for configuration to avoid blocking -simultaneous configuration operations on unrelated objects (e.g., BGP -configuration should not be locked out if an interface is being -configured or entire Interface configuration should not be locked out -if a non-overlapping parameter on the interface is being configured).",NETCONF Server Requirements,, -R-38236,"The VNF's Heat Orchestration Template's -resource ``OS::Neutron::Port`` property ``fixed_ips`` -map property ``subnet``/``subnet_id`` parameter -**MUST** be declared type ``string``.","Property: fixed_ips, Map Property: subnet_id",, -R-86237,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_id`` is passed into a -Nested YAML -file, the parameter name ``vf_module_id`` **MUST NOT** change.",vf_module_id,, -R-49308,"The VNF **SHOULD** test for adherence to the defined resiliency -rating recommendation at each layer, during each delivery cycle with -delivered results, so that the resiliency rating is measured and the -code is adjusted to meet software resiliency requirements.",Deployment Optimization,, -R-48880,"If a VNF's Port is attached to an external network and the port's -IP addresses are assigned by ONAP's SDN-Controller, -the ``OS::Neutron::Port`` Resource's - -* property ``fixed_ips`` map property ``ip_address`` **MUST** be used -* property ``fixed_ips`` map property ``subnet``/``subnet_id`` - **MUST NOT** be used",Items to Note,, -R-44013,"The xNF **MUST** populate an attribute, defined as node -['PushJobOutput'] with the desired output on all nodes in the push job -that execute chef-client run if the xNF action requires the output of a -chef-client run be made available (e.g., get running configuration).",Chef Roles/Requirements,, -R-68990,"The xNF **MUST** support the **:startup** capability. It -will allow the running configuration to be copied to this special -database. It can also be locked and unlocked.",NETCONF Server Requirements,, -R-56385,The xNF **MUST** support ONAP Controller's **Audit** command.,Configuration Commands,, -R-16496,"The VNF **MUST** enable instantiating only the functionality that -is needed for the decomposed VNF (e.g., if transcoding is not needed it -should not be instantiated).",VNF Design,, -R-41159,"The VNF **MUST** deliver any and all functionality from any -VNFC in the pool (where pooling is the most suitable solution). The -VNFC pool member should be transparent to the client. Upstream and -downstream clients should only recognize the function being performed, -not the member performing it.",System Resource Optimization,, -R-29488,"The xNF **MUST** implement the protocol operation: -**get-config(source, filter)** - Retrieve a (filtered subset of -a) configuration from the configuration datastore source.",NETCONF Server Requirements,, -R-22441,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_index`` is passed into a -Nested YAML -file, the parameter name ``vf_module_index`` **MUST NOT** change.",vf_module_index,, -R-13800,"The xNF **MUST** conform to the NETCONF RFC 5277, -""NETCONF Event Notification"".",NETCONF Server Requirements,, -R-82223,"The VNF **MUST** be decomposed if the functions have -significantly different scaling characteristics (e.g., signaling -versus media functions, control versus data plane functions).",VNF Design,, -R-99646,"A VNF's YAML files (i.e, Heat Orchestration Template files and -Nested files) **MUST** have a unique name in the scope of the VNF.",ONAP Heat Orchestration Template Filenames,tests.test_get_file_only_reference_local_files,test_get_file_only_reference_local_files -R-21330,"A VNF's Heat Orchestration Template's Resource property parameter that is -associated with external network **MUST** include the ``{network-role}`` -as part of the parameter name.",{network-role},, -R-26881,"The xNF provider **MUST** provide the binaries and images -needed to instantiate the xNF (xNF and VNFC images).","Compute, Network, and Storage Requirements",, -R-95950,"The xNF **MUST** provide a NETCONF interface fully defined -by supplied YANG models for the embedded NETCONF server.",Configuration Management,, -R-64197,"A VNF's Heat Orchestration Template's Resource ``OS::Heat::ResourceGroup`` -Resource ID that creates sub-interfaces **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_subint_{network-role}_port_{port-index}_subinterfaces`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the networks - that the sub-interfaces attach to -* ``{port-index}`` is the instance of the the port on the vm-type - attached to the network of ``{network-role}``",OS::Heat::ResourceGroup,, -R-35291,"The VNF **MUST** support the ability to failover a VNFC -automatically to other geographically redundant sites if not -deployed active-active to increase the overall resiliency of the VNF.",All Layer Redundancy,, -R-85419,"The VNF **SHOULD** support OAuth 2.0 authorization using an external -Authorization Server.",VNF Identity and Access Management Requirements,, -R-48080,"The VNF **SHOULD** support an automated certificate management protocol -such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or -Automated Certificate Management Environment (ACME).",VNF Cryptography Requirements,, -R-43884,"The VNF **SHOULD** integrate with the Operator's authentication and -authorization services (e.g., IDAM).",VNF API Security Requirements,, -R-98450,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``availability_zone`` parameter name **MUST** follow the naming convention -``availability_zone_{index}`` where the ``{index}`` -**MUST** start at zero and -increment by one.",Property: availability_zone,tests.test_availability_zone,test_availability_zone_naming -R-13344,"The VNF **MUST** log starting and stopping of security -logging.",VNF Security Analytics Requirements,, -R-68198,"A VNF's Heat Orchestration template's Environment File's -``parameters:`` section **MAY** (or **MAY NOT**) enumerate parameters.",Environment File Format,, -R-16065,"The xNF provider **MUST** provide configurable parameters -(if unable to conform to YANG model) including xNF attributes/parameters -and valid values, dynamic attributes and cross parameter dependencies -(e.g., customer provisioning data).",Configuration Management via Ansible,, -R-80335,"For all GUI and command-line interfaces, the VNF **MUST** provide the -ability to present a warning notice that is set by the Operator. A warning -notice is a formal statement of resource intent presented to everyone -who accesses the system.",VNF General Security Requirements,, -R-35851,"The xNF Package **MUST** include xNF topology that describes -basic network and application connectivity internal and external to the -xNF including Link type, KPIs, Bandwidth, latency, jitter, QoS (if -applicable) for each interface.","Compute, Network, and Storage Requirements",, -R-86588,"A VNF's Heat Orchestration Template's ``{network-role}`` case in Resource -property parameter names **SHOULD** match the case of ``{network-role}`` -in Resource IDs and vice versa.",{network-role},, -R-86585,"The VNFC **SHOULD** minimize the use of state within -a VNFC to facilitate the movement of traffic from one instance -to another.",VNF Design,, -R-841740,"The xNF **SHOULD** support FileReady VES event for event-driven bulk transfer -of monitoring data.",Bulk Performance Measurement,, -R-89913,"A VNF's Heat Orchestration Template's Cinder Volume Module Output -Parameter(s) -**MUST** include the -UUID(s) of the Cinder Volumes created in template, -while others **MAY** be included.",ONAP Volume Module Output Parameters,, -R-86586,"The xNF **MUST** use the YANG configuration models and RESTCONF -[RFC8040] (https://tools.ietf.org/html/rfc8040).",Asynchronous and Synchronous Data Delivery,, -R-11790,"The VNF **MUST** support ONAP Controller's -**Restart (stop/start or reboot)** command.",Virtual Function - Container Recovery Requirements,, -R-52060,"The VNF **MUST** provide the capability to configure encryption -algorithms or devices so that they comply with the laws of the jurisdiction -in which there are plans to use data encryption.",VNF Cryptography Requirements,, -R-86972,"A VNF **SHOULD** create the internal network in the VNF's Heat -Orchestration Template Base Module.",Internal Networks,, -R-25547,"The VNF **MUST** log the field ""protocol"" in the security audit logs.",VNF Security Analytics Requirements,, -R-98911,"The xNF **MUST NOT** use any instance specific parameters -for the xNF in roles/cookbooks/recipes invoked for a xNF action.",Chef Roles/Requirements,, -R-11499,"The xNF **MUST** fully support the XPath 1.0 specification -for filtered retrieval of configuration and other database contents. -The 'type' attribute within the parameter for and - operations may be set to 'xpath'. The 'select' attribute -(which contains the XPath expression) will also be supported by the -server. A server may support partial XPath retrieval filtering, but -it cannot advertise the **:xpath** capability unless the entire XPath -1.0 specification is supported.",NETCONF Server Requirements,, -R-68520,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -that is creating a *Reserve Port* with an IPv6 address Resource ID **MUST** -use the naming convention - -* ``reserve_port_{vm-type}_{network-role}_floating_v6_ip_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{index}`` is the instance of the IPv6 *Reserve Port* - for the vm-type attached to the network of ``{network-role}``",OS::Neutron::Port,, -R-25238,"The xNF PACKAGE **MUST** validated YANG code using the open -source pyang [#7.3.1]_ program using the following commands: - -.. code-block:: text - - $ pyang --verbose --strict $ echo $!",NETCONF Server Requirements,, -R-57282,"Each VNF's Heat Orchestration Template's ``{vm-type}`` **MUST** -have a unique parameter name for the ``OS::Nova::Server`` property -``image`` even if more than one ``{vm-type}`` shares the same image.",Property: image,tests.test_nova_servers_resource_ids,test_nova_servers_valid_resource_ids -R-33955,"The xNF **SHOULD** conform its YANG model to RFC 6991, -""Common YANG Data Types"".",NETCONF Server Requirements,, -R-99766,"The VNF **MUST** allow configurations and configuration parameters -to be managed under version control to ensure the ability to rollback to -a known valid configuration.",Application Configuration Management,, -R-52753,"VNF's Heat Orchestration Template's Base Module's output parameter's -name and type **MUST** match the VNF's Heat Orchestration Template's -incremental Module's name and type unless the output parameter is of -type ``comma_delimited_list``, then the corresponding input parameter -**MUST** be declared as type ``json``.",ONAP Base Module Output Parameters,, -R-37028,A VNF **MUST** be composed of one Base Module,ONAP VNF Modularity Overview,tests.test_base_template_names,test_base_template_names -R-11240,"The xNF **MUST** respond with content encoded in JSON, as -described in the RESTCONF specification. This way the encoding of a -synchronous communication will be consistent with Avro.",Asynchronous and Synchronous Data Delivery,, -R-27711,"The xNF provider **MUST** provide an XML file that contains a -list of xNF error codes, descriptions of the error, and possible -causes/corrective action.",Resource Control Loop,, -R-93443,"The xNF **MUST** define all data models in YANG [RFC6020], -and the mapping to NETCONF shall follow the rules defined in this RFC.",NETCONF Server Requirements,, -R-51430,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``name`` parameter **MUST** be declared as either type ``string`` -or type ``comma_delimited_list``.",Property: Name,tests.test_nova_servers_vm_types,test_nova_server_name_parameter -R-52425,"A VNF's port connected to an internal network **MUST** -use the port for the purpose of reaching VMs in the same VNF.",Internal Networks,, -R-44491,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource -property -``metadata`` key/value pair ``vnf_id`` is passed into a Nested YAML -file, the key/value pair name ``vnf_id`` **MUST NOT** change.",vnf_id,, -R-91745,"The xNF **MUST** update the Ansible Server and other entities -storing and using the SSH keys for authentication when the SSH -keys used by Ansible are regenerated/updated. - -Note: Ansible Server itself may be used to upload new SSH public -keys onto supported VNFs.",Ansible Client Requirements,, -R-46119,"A VNF's Heat Orchestration Template's Resource OS::Heat::CinderVolume -**MAY** be defined in a Base Module.",ONAP VNF Modularity Overview,, -R-43958,"The xNF Package **MUST** include documentation describing -the tests that were conducted by the xNF provider and the test results.",Testing,, -R-68165,"The xNF **MUST** encrypt any content containing Sensitive Personal -Information (SPI) or certain proprietary data, in addition to applying the -regular procedures for securing access and delivery.",Security,, -R-44569,"The xNF provider **MUST NOT** require additional -infrastructure such as a xNF provider license server for xNF provider -functions and metrics.",Licensing Requirements,, -R-10834,"If a VNF's Heat Orchestration Template resource attribute -``property:`` uses a nested ``get_param``, the nested -``get_param`` **MUST** reference an index.",properties,, -R-82811,The xNF **MUST** support ONAP Controller's **StartApplication** command.,LifeCycle Management Related Commands,, -R-81725,A VNF's Incremental Module **MUST** have a corresponding Environment File,ONAP VNF Modularity Overview,tests.test_env_and_yaml_same_name,test_env_and_yaml_same_name -R-81777,"The xNF **MUST** be configured with initial address(es) to use -at deployment time. Subsequently, address(es) may be changed through -ONAP-defined policies delivered from ONAP to the xNF using PUTs to a -RESTful API, in the same manner that other controls over data reporting -will be controlled by policy.",Addressing and Delivery Protocol,, -R-32557,"A VNF's Heat Orchestration Template parameter declaration **MAY** -contain the attribute ``hidden:``.",hidden,, -R-83412,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``allowed_address_pairs`` -map property ``ip_address`` parameter -``{vm-type}_{network-role}_floating_ip`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","VIP Assignment, External Networks, Supported by Automation",tests.test_environment_file_parameters,test_neutron_port_aap_ip_parameter_doesnt_exist_in_environment_file -R-49224,"The VNF **MUST** provide unique traceability of a transaction -through its life cycle to ensure quick and efficient troubleshooting.",Monitoring & Dashboard,, -R-84473,"The VNF **MUST** enable DPDK in the guest OS for VNF's requiring -high packets/sec performance. High packet throughput is defined as greater -than 500K packets/sec.",VNF Design,, -R-18864,"The VNF **MUST NOT** use technologies that bypass virtualization -layers (such as SR-IOV) unless approved by the NCSP (e.g., if necessary -to meet functional or performance requirements).",VNF Design,, -R-39349,"A VNF Heat Orchestration Template **MUST NOT** be designed to utilize the -OpenStack ``heat stack-update`` command for scaling (growth/de-growth).",Support of heat stack update,, -R-67114,"The xNF **MUST** be installed with Chef-Client >= 12.0 and Chef -push jobs client >= 2.0.",Chef Client Requirements,, -R-36582,A VNF's Base Module **MAY** utilize nested heat.,Nested Heat Orchestration Templates Overview,, -R-10754,"If a VNF has two or more ports that -attach to an external network that require a Virtual IP Address (VIP), -and the VNF requires ONAP automation to assign the IP address, -all the Virtual Machines using the VIP address **MUST** -be instantiated in the same Base Module Heat Orchestration Template -or in the same Incremental Module Heat Orchestration Template.","VIP Assignment, External Networks, Supported by Automation",, -R-91125,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``image`` parameter **MUST** be enumerated in the Heat Orchestration -Template's Environment File and a value **MUST** be assigned.",Property: image,tests.test_environment_file_parameters,test_nova_server_image_parameter_exists_in_environment_file -R-88524,"A VNF's Heat Orchestration Template's Volume Template -Output Parameter names -**MUST** contain ``{vm-type}`` when appropriate.",ONAP Volume Template Output Parameters:,, -R-11235,"The xNF **MUST** implement the protocol operation: -**kill-session(session)** - Force the termination of **session**.",NETCONF Server Requirements,, -R-98989,"The VNF **SHOULD** utilize resource pooling (threads, -connections, etc.) within the VNF application so that resources -are not being created and destroyed resulting in resource management -overhead.",System Resource Optimization,, -R-41888,"A VNF's Heat Orchestration Template intrinsic function -``get_file`` **MUST NOT** utilize URL-based file retrieval.",Heat Files Support (get_file),, -R-58358,"The xNF **MUST** implement the **:with-defaults** capability -[RFC6243].",NETCONF Server Requirements,, -R-77707,"The xNF provider **MUST** include a Manifest File that -contains a list of all the components in the xNF package.",Resource Description,, -R-48698,"The xNF **MUST** utilize information from key value pairs -that will be provided by the Ansible Server as ""extra-vars"" during -invocation to execute the desired xNF action. If the playbook requires -files, they must also be supplied using the methodology detailed in -the Ansible Server API, unless they are bundled with playbooks, example, -generic templates.",Ansible Playbook Requirements,, -R-06885,"The VNF **SHOULD** support the ability to scale down a VNFC pool -without jeopardizing active sessions. Ideally, an active session should -not be tied to any particular VNFC instance.",System Resource Optimization,, -R-29324,"The xNF **SHOULD** implement the protocol operation: -**copy-config(target, source) -** Copy the content of the -configuration datastore source to the configuration datastore target.",NETCONF Server Requirements,, -R-04492,"The VNF **MUST** generate security audit logs that can be sent -to Security Analytics Tools for analysis.",VNF Security Analytics Requirements,, -R-67597,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vm_role`` **MUST NOT** -have parameter constraints defined.",vm_role,, -R-12538,"The VNF **SHOULD** support load balancing and discovery -mechanisms in resource pools containing VNFC instances.",System Resource Optimization,, -R-13841,"A VNF **MAY** have one or more ports connected to a unique -internal network. All VNF ports connected to the unique internal -network **MUST** have Cloud Assigned IP Addresses -or **MUST** have statically assigned IP addresses.",Items to Note,, -R-80829,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``subnet``/``subnet_id`` parameter -``{network-role}_v6_subnet_id`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file -R-90206,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_int_{network-role}_int_ips`` -**MUST** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-74978,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``workload_context`` **MUST** -be declared as type: ``string``.",workload_context,tests.test_nova_servers_workload_context,test_workload_context -R-87848,"When using the intrinsic function get_file, ONAP does not support -a directory hierarchy for included files. All files must be in a -single, flat directory per VNF. A VNF's Heat Orchestration -Template's ``get_file`` target files **MUST** be in the same -directory hierarchy as the VNF's Heat Orchestration Templates.",Heat Files Support (get_file),, -R-62802,"When the VNF's Heat Orchestration Template's -resource ``OS::Neutron::Port`` is attaching -to an external network (per the ONAP definition, see -Requirement R-57424), -and an IPv4 address is being cloud assigned by OpenStack's DHCP Service -and the external network IPv4 subnet is to be specified -using the property ``fixed_ips`` -map property ``subnet``/``subnet_id``, the parameter -**MUST** follow the naming convention - - * ``{network-role}_subnet_id`` - -where - - * ``{network-role}`` is the network role of the network.","Property: fixed_ips, Map Property: subnet_id",, -R-87485,"A VNF's Heat Orchestration Template's file extension **MUST** -be in the lower case format ``.yaml`` or ``.yml``.",ONAP Heat Orchestration Template Filenames,tests.test_base_template_names,test_base_template_names -R-19366,The xNF **MUST** support ONAP Controller's **ConfigModify** command.,Configuration Commands,, -R-35414,"A VNF Heat Orchestration's template **MUST** contain the -section ``parameters:``.",parameters,tests.test_heat_template_structure,test_heat_template_structure_contains_parameters -R-02454,"The VNF **MUST** support the existence of multiple major/minor -versions of the VNF software and/or sub-components and interfaces that -support both forward and backward compatibility to be transparent to -the Service Provider usage.",Deployment Optimization,, -R-25190,"A VNF's Heat Orchestration Template's Resource ``OS::Cinder::Volume`` -**SHOULD NOT** declare the property ``availability_zone``.",Optional Property availability_zone,, -R-35144,"The VNF **MUST**, if not using the NCSP's IDAM API, comply -with the NCSP's credential management policy.",VNF General Security Requirements,, -R-54520,"The VNF **MUST** log successful and unsuccessful authentication -attempts, e.g., authentication associated with a transaction, -authentication to create a session, authentication to assume elevated -privilege.",VNF Security Analytics Requirements,, -R-85328,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource **MAY** -contain the ``metadata`` map value parameter ``vm_role``.",vm_role,, -R-87563,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::InstanceIp`` -that is configuring an IPv6 Address on a port attached to an internal network -Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_int_{network-role}_vmi_{vmi_index}_v6_IP_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{vmi_index}`` is the instance of the the virtual machine interface - (e.g., port) on the vm-type - attached to the network of ``{network-role}`` -* ``v6_IP`` signifies that an IPv6 address is being configured -* ``{index}`` is the index of the IPv6 address",OS::ContrailV2::InstanceIp,, -R-87564,"The xNF **SHOULD** conform its YANG model to RFC 7317, -""A YANG Data Model for System Management"".",NETCONF Server Requirements,, -R-75943,"The xNF **SHOULD** support the data schema defined in 3GPP TS 32.435, when -supporting the event-driven bulk transfer of monitoring data.",Bulk Performance Measurement,, -R-42366,"The xNF **MUST** support secure connections and transports such as -Transport Layer Security (TLS) protocol -[`RFC5246 `_] and should adhere to -the best current practices outlined in -`RFC7525 `_.",Security,, -R-73364,"The VNF **MUST** support at least two major versions of the -VNF software and/or sub-components to co-exist within production -environments at any time so that upgrades can be applied across -multiple systems in a staggered manner.",Deployment Optimization,, -R-22589,"A VNF's Heat Orchestration Template parameter declaration -**MAY** contain the attribute ``immutable:``.",immutable,, -R-16437,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::ServiceTemplate`` -Resource ID **MUST** contain the ``{vm-type}``.",OS::ContrailV2::ServiceTemplate,, -R-63229,"The xNF **MAY** use another option which is expected to include REST -for synchronous data, using RESTCONF (e.g., for xNF state polling).",Addressing and Delivery Protocol,, -R-89010,"The VNF **MUST** survive any single points of software failure -internal to the VNF (e.g., in memory structures, JMS message queues).",All Layer Redundancy,, -R-83227,"The VNF **MUST** Provide the capability to encrypt data in -transit on a physical or virtual network.",VNF Data Protection Requirements,, -R-11690,"When a VNF's Heat Orchestration Template's Resource ID contains an -``{index}`` value (e.g. multiple VMs of same ``{vm-type}``), the ``{index}`` -**MUST** start at zero and increment by one.",Resource IDs,tests.test_nova_servers_index,test_indices -R-01101,"A VNF's Heat Orchestration Template **MAY** -reference the nested heat dynamically using the resource -``OS::Heat::ResourceGroup``.",Nested Heat Template Requirements,, -R-79531,"The VNF Heat Orchestration Template **MUST** define -""outputs"" in the volume template for each Cinder volume -resource universally unique identifier (UUID) (i.e. ONAP -Volume Template Output Parameters).",ONAP Heat Cinder Volumes,, -R-83146,The xNF **MUST** support ONAP Controller's **StopApplication** command.,LifeCycle Management Related Commands,, -R-85734,"If a VNF's Heat Orchestration Template contains the property ``name`` -for a non ``OS::Nova::Server`` resource, the intrinsic function -``str_replace`` **MUST** be used in conjunction with the ONAP -supplied metadata parameter ``vnf_name`` to generate a unique value.",Resource Property “name”,, -R-81339,"A VNF Heat Orchestration Template's Base Module file name **MUST** include -case insensitive 'base' in the filename and -**MUST** match one of the following four -formats: - - 1.) ``base_.y[a]ml`` - - 2.) ``_base.y[a]ml`` - - 3.) ``base.y[a]ml`` - - 4.) ``_base_``.y[a]ml - -where ```` **MUST** contain only alphanumeric characters and -underscores '_' and **MUST NOT** contain the case insensitive word ``base``.",Base Modules,tests.test_base_template_names,test_base_template_names -R-57424,"A VNF's port connected to an external network **MUST** -use the port for the purpose of reaching -VMs in another VNF and/or an external gateway and/or external router. -A VNF's port connected to an external network **MAY** -use the port for the purpose of reaching VMs in the same VNF.",External Networks,, -R-42140,"The xNF **MUST** respond to data requests from ONAP as soon -as those requests are received, as a synchronous response.",Asynchronous and Synchronous Data Delivery,, -R-28222,"If a VNF's Heat Orchestration Template -``OS::ContrailV2::InterfaceRouteTable`` resource -``interface_route_table_routes`` property -``interface_route_table_routes_route`` map property parameter name -**MUST** follow the format - -* ``{vm-type}_{network-role}_route_prefixes``",Interface Route Table Prefixes for Contrail InterfaceRoute Table,, -R-63953,"The xNF **MUST** have the echo command return a zero value -otherwise the validation has failed.",NETCONF Server Requirements,, -R-27310,"The xNF Package **MUST** include all relevant Chef artifacts -(roles/cookbooks/recipes) required to execute xNF actions requested by -ONAP for loading on appropriate Chef Server.",Chef Roles/Requirements,, -R-13627,"The VNF **MUST** monitor API invocation patterns to detect -anomalous access patterns that may represent fraudulent access or other -types of attacks, or integrate with tools that implement anomaly and -abuse detection.",VNF Security Analytics Requirements,, -R-40813,"The VNF **SHOULD** support the use of virtual trusted platform -module.",VNF General Security Requirements,, -R-15325,"The VNF **MUST** log the field ""success/failure"" in the -security audit logs.",VNF Security Analytics Requirements,, -R-08315,"The VNF **SHOULD** use redundant connection pooling to connect -to any backend data source that can be switched between pools in an -automated/scripted fashion to ensure high availability of the connection -to the data source.",Intelligent Transaction Distribution & Management,, -R-86835,"The VNF **MUST** set the default settings for user access -to deny authorization, except for a super user type of account. -When a VNF is added to the network, nothing should be able to use -it until the super user configures the VNF to allow other users -(human and application) have access.",VNF Identity and Access Management Requirements,, -R-69663,"A VNF **MAY** be composed from one or more Heat Orchestration -Templates, each of which represents a subset of the overall VNF.",ONAP VNF Modularity Overview,, -R-15480,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_name`` **MUST NOT** -have parameter constraints defined.",vf_module_name,, -R-13390,"The xNF provider **MUST** provide cookbooks to be loaded -on the appropriate Chef Server.",Configuration Management via Chef,, -R-06413,"The VNF **MUST** log the field ""service or program used for access"" -in the security audit logs.",VNF Security Analytics Requirements,, -R-25401,The VNF **MUST** use asymmetric keys of at least 2048 bits in length.,VNF Cryptography Requirements,, -R-30395,A VNF's Cinder Volume Module **MAY** utilize nested heat.,Nested Heat Orchestration Templates Overview,, -R-70266,"The xNF **MUST** respond to an ONAP request to deliver the -current data for any of the record types defined in -`Event Records - Data Structure Description`_ by returning the requested -record, populated with the current field values. (Currently the defined -record types include fault fields, mobile flow fields, measurements for -xNF scaling fields, and syslog fields. Other record types will be added -in the future as they become standardized and are made available.)",Asynchronous and Synchronous Data Delivery,, -R-53015,"The xNF **MUST** apply locking based on the sequence of -NETCONF operations, with the first configuration operation locking -out all others until completed.",NETCONF Server Requirements,, -R-60011,"A VNF's Heat Orchestration Template **MUST** have no more than -two levels of nesting.",Nested Heat Template Requirements,, -R-33694,"The xNF Package **MUST** include documentation to when applicable, -provide calculators needed to convert raw data into appropriate reporting -artifacts.",Resource Control Loop,, -R-01033,"The xNF **MAY** use another option which is expected to include SFTP -for asynchronous bulk files, such as bulk files that contain large volumes -of data collected over a long time interval or data collected across many -xNFs. (Preferred is to reorganize the data into more frequent or more focused -data sets, and deliver these by REST or TCP as appropriate.)",Addressing and Delivery Protocol,, -R-21652,"The VNF **MUST** implement the following input validation -control: Check the size (length) of all input. Do not permit an amount -of input so great that it would cause the VNF to fail. Where the input -may be a file, the VNF API must enforce a size limit.",VNF API Security Requirements,, -R-99771,"The VNF **MUST** have all code (e.g., QCOW2) and configuration files -(e.g., HEAT template, Ansible playbook, script) hardened, or with -documented recommended configurations for hardening and interfaces that -allow the Operator to harden the VNF. Actions taken to harden a system -include disabling all unnecessary services, and changing default values -such as default credentials and community strings.",VNF General Security Requirements,, -R-75041,"The VNF **MUST**, if not integrated the Operator's Identity and Access -Management system, support configurable password expiration.",VNF Identity and Access Management Requirements,, -R-90279,"A VNF Heat Orchestration's template's parameter **MUST** be used -in a resource with the exception of the parameters for the -``OS::Nova::Server`` resource property ``availability_zone``.",parameters,tests.test_no_unused_parameters_between_env_and_templates,test_no_unused_parameters_between_env_and_templates -R-95303,A VNF's Heat Orchestration Template **MUST** be defined using valid YAML.,YAML Format,tests.test_initial_configuration,test_00_valid_yaml -R-00606,"A VNF **MAY** be connected to zero, one or more than one external -networks.",External Networks,, -R-54816,"The VNF **MUST** support the storage of security audit logs -for agreed period of time for forensic analysis.",VNF Security Analytics Requirements,, -R-74712,"The VNF **MUST** utilize FQDNs (and not IP address) for -both Service Chaining and scaling.",System Resource Optimization,, -R-46567,"The xNF Package **MUST** include configuration scripts -for boot sequence and configuration.",Configuration Management via Ansible,, -R-89571,"The xNF **MUST** support and provide artifacts for configuration -management using at least one of the following technologies; -a) Netconf/YANG, b) Chef, or c) Ansible. - -Note: The requirements for Netconf/YANG, Chef, and Ansible protocols -are provided separately and must be supported only if the corresponding -protocol option is provided by the xNF providor.",Resource Configuration,, -R-75141,"A VNF's Heat Orchestration Template's resource name -(i.e., ) **MUST** only contain alphanumeric -characters and underscores ('_').",resource ID,tests.test_resource_ids_alphanumeric_only,test_alphanumeric_resource_ids_only -R-60656,The xNF **MUST** support sub tree filtering.,NETCONF Server Requirements,, -R-36542,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vnf_name`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",vnf_name,tests.test_environment_file_parameters,test_nova_server_vnf_name_parameter_doesnt_exist_in_environment_file -R-54190,"The xNF **MUST** release locks to prevent permanent lock-outs -when/if a session applying the lock is terminated (e.g., SSH session -is terminated).",NETCONF Server Requirements,, -R-91497,"A VNF's incremental module **MAY** be used for both deployment and -scale out.",ONAP VNF Modularity Overview,, -R-56815,"The xNF Package **MUST** include documentation describing -supported xNF scaling capabilities and capacity limits (e.g., number -of users, bandwidth, throughput, concurrent calls).",Resource Control Loop,, -R-03595,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::SecurityGroup`` that -is applicable to more than one ``{vm-type}`` and one external network Resource ID -**SHOULD** use the naming convention - -* ``{network-role}_security_group`` - -where - -* ``{network-role}`` is the network-role",OS::Neutron::SecurityGroup,, -R-33846,"The VNF **MUST** install the NCSP required software on Guest OS -images when not using the NCSP provided Guest OS images. [#4.5.1]_",VNF Devops,, -R-32981,The xNF **MUST** support ONAP Controller's **ConfigBackup** command.,Configuration Commands,, -R-10716,"The xNF **MUST** support parallel and simultaneous -configuration of separate objects within itself.",NETCONF Server Requirements,, -R-93272,"A VNF **MAY** have one or more ports connected to a unique -external network. All VNF ports connected to the unique external -network **MUST** have Cloud Assigned IP Addresses -or **MUST** have ONAP SDN-C assigned IP addresses.",Items to Note,, -R-35666,"If a VNF has an internal network, the VNF Heat Orchestration Template -**MUST** include the heat resources to create the internal network.",Internal Networks,, -R-75850,"The VNF **SHOULD** decouple persistent data from the VNFC -and keep it in its own datastore that can be reached by all instances -of the VNFC requiring the data.",VNF Design,, -R-55218,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` -resource property -``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT** -have parameter constraints defined.",vnf_id,tests.test_required_parameters_no_constraints,test_required_parameters_no_constraints -R-41215,"The VNF **MAY** have zero to many ""incremental"" modules.",ONAP VNF Modularity Overview,, -R-46128,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::InstanceIp`` -that is configuring an IPv6 Address on a port attached to an external network -Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_{network-role}_vmi_{vmi_index}_v6_IP_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{vmi_index}`` is the instance of the the virtual machine interface - (e.g., port) on the vm-type - attached to the network of {network-role} -* ``v6_IP`` signifies that an IPv6 address is being configured -* ``{index}`` is the index of the IPv6 address",OS::ContrailV2::InstanceIp,, -R-13151,"The VNF **SHOULD** disable the paging of the data requiring -encryption, if possible, where the encryption of non-transient data is -required on a device for which the operating system performs paging to -virtual memory. If not possible to disable the paging of the data -requiring encryption, the virtual memory should be encrypted.",VNF Data Protection Requirements,, -R-56920,"The VNF **MUST** protect all security audit logs (including -API, OS and application-generated logs), security audit software, data, -and associated documentation from modification, or unauthorized viewing, -by standard OS access control mechanisms, by sending to a remote system, -or by encryption.",VNF Security Analytics Requirements,, -R-96227,"A VNF's Heat Orchestration Template's parameter defined -in a non-nested YAML file as type -``json`` **MAY** have a parameter constraint defined.",constraints,, -R-20308,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``environment_context`` **MUST** -be declared as type: ``string``.",environment_context,tests.test_nova_servers_environment_context,test_environment_context -R-67231,"A VNF's Heat Orchestration template's Environment File's -**MUST NOT** contain the ``resource_registry:`` section.",Environment File Format,tests.test_env_no_resource_registry,test_env_no_resource_registry -R-22059,"The VNF **MUST NOT** execute long running tasks (e.g., IO, -database, network operations, service calls) in a critical section -of code, so as to minimize blocking of other operations and increase -concurrent throughput.",System Resource Optimization,, -R-46839,"A VNF's Heat Orchestration Template's use of ``{vm-type}`` -in all Resource IDs **MUST** be the same case.",{vm-type},tests.test_vm_type_resource_id,test_vm_type_resource_id -R-64768,"The VNF **MUST** limit the size of application data packets -to no larger than 9000 bytes for SDN network-based tunneling when -guest data packets are transported between tunnel endpoints that -support guest logical networks.",VNF Design,, -R-41829,"The xNF **MUST** be able to specify the granularity of the -lock via a restricted or full XPath expression.",NETCONF Server Requirements,, -R-12271,"The xNF **SHOULD** conform its YANG model to RFC 7223, -""IANA Interface Type YANG Module"".",NETCONF Server Requirements,, -R-58421,The VNF **SHOULD** be decomposed into granular re-usable VNFCs.,VNF Design,, -R-67793,"When a VNF's Heat Orchestration Template's resource is associated -with more than one ``{vm-type}`` and/or more than one internal and/or -external network, the Resource ID **MUST** not contain the ``{vm-type}`` -and/or ``{network-role}``/``int_{network-role}``. It also should contain the -term ``shared`` and/or contain text that identifies the VNF.",Resource IDs,, -R-62428,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vnf_name`` **MUST** -be declared as type: ``string``.",vnf_name,, -R-58424,"A VNF's Heat Orchestration Template's use of ``{network-role}`` -in all Resource property parameter names **MUST** be the same case.",{network-role},, -R-36687,"A VNF's Heat Orchestration Template's ``{vm-type}`` case in Resource -property parameter names **SHOULD** match the case of ``{vm-type}`` -in Resource IDs and vice versa.",{vm-type},, -R-91273,"A VNF Heat Orchestration's template's parameter for the -``OS::Nova::Server`` resource property ``availability_zone`` -**MAY NOT** be used in any ``OS::Nova::Server``.",parameters,, -R-65515,"The VNF **MUST** provide a mechanism and tool to start VNF -containers (VMs) without impacting service or service quality assuming -another VNF in same or other geographical location is processing service -requests.",Application Resilient Error Handling,, -R-10623,"Telemetry data delivered using Google Protocol Buffers v3 (proto3) -**MUST** be serialized in one of the following methods: - - * Key-value Google Protocol Buffers (KV-GPB) is also known as - self-describing GPB: - - * keys are strings that correspond to the path of the system - resources for the VNF being monitored. - * values correspond to integers or strings that identify the - operational state of the VNF resource, such a statistics counters - and the state of a VNF resource. - * VNF providers must supply valid KV-GPB definition file(s) to allow - for the decoding of all KV-GPB encoded telemetry messages. - - * Native Google Protocol Buffers (GPB) is also known as compact GPB: - - * keys are represented as integers pointing to the system resources for - the VNF being monitored. - * values correspond to integers or strings that identify the operational - state of the VNF resource, such a statistics counters and the state - of a VNF resource. - * Google Protocol Buffers (GPB) requires metadata in the form of .proto - files. VNF providers must supply the necessary GPB .proto files such that - GPB telemetry messages can be encoded and decoded.",KV-GPB/GPB,, -R-23475,"VNFCs **SHOULD** be agnostic to the details of the Network Cloud -(such as hardware, host OS, Hypervisor or container technology) and must run -on the Network Cloud with acknowledgement to the paradigm that the Network -Cloud will continue to rapidly evolve and the underlying components of -the platform will change regularly.",VNF Devops,, -R-97102,"The VNF Package **MUST** include VM requirements via a Heat -template that provides the necessary data for VM specifications -for all VNF components - for hypervisor, CPU, memory, storage.","Compute, Network, and Storage Requirements",, -R-47597,The xNF **MUST** carry data in motion only over secure connections.,Security,, -R-81147,"The VNF **MUST** have greater restrictions for access and -execution, such as up to 3 factors of authentication and restricted -authorization, for commands affecting network services, such as -commands relating to VNFs.",VNF Identity and Access Management Requirements,, -R-18725,"The VNF **MUST** handle the restart of a single VNFC instance -without requiring all VNFC instances to be restarted.",Application Resilient Error Handling,, -R-54171,"When the VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property ``name`` parameter is defined as a ``string``, -the parameter name **MUST** follow the naming convention -``{vm-type}_name_{index}``, where ``{index}`` is a numeric -value that starts at -zero and increments by one.",Property: Name,tests.test_nova_servers_vm_types,test_nova_server_name_parameter -R-76057,"VNF Heat Orchestration Template's Nested YAML file name **MUST** contain -only alphanumeric characters and underscores '_' and -**MUST NOT** contain the case insensitive word ``base``.",Nested Heat file,tests.test_base_template_names,test_base_template_names -R-92193,"A VNF's Heat Orchestration Template's parameter -``{network-role}_net_fqdn`` -**MUST NOT** be enumerated in the VNF's Heat Orchestration Template's -Environment File.",External Networks,tests.test_environment_file_parameters,test_network_fqdn_parameter_doesnt_exist_in_environment_file -R-47204,"The VNF **MUST** be capable of protecting the confidentiality and integrity -of data at rest and in transit from unauthorized access and modification.",VNF Data Protection Requirements,, -R-04298,"The xNF provider **MUST** provide their testing scripts to -support testing.",Testing,, -R-41492,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement R-57424), -and an IPv4 Virtual IP (VIP) -address is assigned via ONAP automation -using the property ``allowed_address_pairs`` -map property ``ip_address`` and -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_{network-role}_floating_ip`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - OS::Nova::Server - * ``{network-role}`` is the {network-role} of the external - network - -And the parameter **MUST** be declared as type ``string``.","VIP Assignment, External Networks, Supported by Automation",tests.test_allowed_address_pairs_include_vm_type_network_role,test_allowed_address_pairs_include_vm_type_network_role -R-62300,"If a VNF has two or more ports that require a Virtual IP Address (VIP), -a VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``allowed_address_pairs`` -map property ``ip_address`` parameter -**MUST** be used.","Property: allowed_address_pairs, Map Property: ip_address",, -R-09467,The VNF **MUST** utilize only NCSP standard compute flavors. [#4.5.1]_,VNF Devops,, -R-16968,"A VNF's Heat Orchestration Templates **MUST NOT** include heat -resources to create external networks.",External Networks,, -R-28545,"The xNF **MUST** conform its YANG model to RFC 6060, -""YANG - A Data Modeling Language for the Network Configuration -Protocol (NETCONF)"".",NETCONF Server Requirements,, -R-38474,The VNF **MUST** have a corresponding environment file for a Base Module.,ONAP VNF Modularity Overview,tests.test_env_and_yaml_same_name,test_env_and_yaml_same_name -R-01556,"The xNF Package **MUST** include documentation describing the -fault, performance, capacity events/alarms and other event records -that are made available by the xNF.",Resource Control Loop,, -R-16576,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vnf_name`` is passed into a Nested YAML -file, the parameter name ``vnf_name`` **MUST NOT** change.",vnf_name,, -R-46908,"The VNF **MUST**, if not integrated with the Operator's Identity -and Access Management system, comply with ""password complexity"" -policy. When passwords are used, they shall be complex and shall at -least meet the following password construction requirements: (1) be a -minimum configurable number of characters in length, (2) include 3 of -the 4 following types of characters: upper-case alphabetic, lower-case -alphabetic, numeric, and special, (3) not be the same as the UserID -with which they are associated or other common strings as specified -by the environment, (4) not contain repeating or sequential characters -or numbers, (5) not to use special characters that may have command -functions, and (6) new passwords must not contain sequences of three -or more characters from the previous password.",VNF Identity and Access Management Requirements,, -R-84160,"The VNF **MUST** have security logging for VNFs and their -OSs be active from initialization. Audit logging includes automatic -routines to maintain activity records and cleanup programs to ensure -the integrity of the audit/logging systems.",VNF Security Analytics Requirements,, -R-03070,"The xNF **MUST**, by ONAP Policy, provide the ONAP addresses -as data destinations for each xNF, and may be changed by Policy while -the xNF is in operation. We expect the xNF to be capable of redirecting -traffic to changed destinations with no loss of data, for example from -one REST URL to another, or from one TCP host and port to another.",Addressing and Delivery Protocol,, -R-22946,"The xNF **SHOULD** conform its YANG model to RFC 6536, -""NETCONF Access Control Model"".",NETCONF Server Requirements,, -R-67709,"The VNF **MUST** be designed, built and packaged to enable -deployment across multiple fault zones (e.g., VNFCs deployed in -different servers, racks, OpenStack regions, geographies) so that -in the event of a planned/unplanned downtime of a fault zone, the -overall operation/throughput of the VNF is maintained.",All Layer Redundancy,, -R-57855,"The VNF **MUST** support hitless staggered/rolling deployments -between its redundant instances to allow ""soak-time/burn in/slow roll"" -which can enable the support of low traffic loads to validate the -deployment prior to supporting full traffic loads.",Deployment Optimization,, -R-12110,"The VNF **MUST NOT** use keys generated or derived from -predictable functions or values, e.g., values considered predictable -include user identity information, time of day, stored/transmitted data.",VNF Data Protection Requirements,, -R-29705,"The VNF **MUST** restrict changing the criticality level of a -system security alarm to users with administrative privileges.",VNF Security Analytics Requirements,, -R-90152,"A VNF's Heat Orchestration Template's -``resources:`` section **MUST** contain the declaration of at -least one resource.",resources,, -R-07443,"A VNF's Heat Orchestration Templates' Cinder Volume Module Output -Parameter's name and type **MUST** match the input parameter name and type -in the corresponding Base Module or Incremental Module unless the Output -Parameter is of the type ``comma_delimited_list``, then the corresponding -input parameter **MUST** be declared as type ``json``.",ONAP Volume Module Output Parameters,tests.test_volume_outputs_consumed,test_volume_outputs_consumed -R-98407,"A VNF's Heat Orchestration Template's ``{vm-type}`` **MUST** contain only -alphanumeric characters and/or underscores '_' and **MUST NOT** -contain any of the following strings: -``_int`` or ``int_`` or ``_int_``.",{vm-type},tests.test_vm_type_syntax,test_vm_type_syntax -R-26508,"The xNF **MUST** support a NETCONF server that can be mounted on -OpenDaylight (client) and perform the operations of: modify, update, -change, rollback configurations using each configuration data element, -query each state (non-configuration) data element, execute each YANG -RPC, and receive data through each notification statement.",NETCONF Server Requirements,, -R-26506,"A VNF's Heat Orchestration Template's ``{network-role}`` **MUST** contain -only alphanumeric characters and/or underscores '_' and -**MUST NOT** contain any of the following strings: -``_int`` or ``int_`` or ``_int_``.",{network-role},tests.test_port_resource_ids,test_port_resource_ids -R-87004,"A VNF's Heat Orchestration Template's Resource -``OS::Cinder::Volume`` -Resource ID -**SHOULD** -use the naming convention - -* ``{vm-type}_volume_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{index}`` starts at zero and increments by one",OS::Cinder::Volume,, -R-29495,"The xNF **MUST** support locking if a common object is -being manipulated by two simultaneous NETCONF configuration operations -on the same xNF within the context of the same writable running data -store (e.g., if an interface parameter is being configured then it -should be locked out for configuration by a simultaneous configuration -operation on that same interface parameter).",NETCONF Server Requirements,, -R-18202,"A VNF's Heat Orchestration Template's Resource -``OS::Heat::MultipartMime`` -Resource ID -**MAY** -use the naming convention - -* ``{vm-type}_RMM`` - -where - -* ``{vm-type}`` is the vm-type -* ``RMM`` signifies that it is the Resource Multipart Mime",OS::Heat::MultipartMime,, -R-71699,"A VNF's Heat Orchestration Template's Resource -**MUST NOT** reference a HTTP-based Nested YAML file.",type,, -R-76160,"When - - * the VNF's Heat Orchestration Template's - resource ``OS::Neutron::Port`` in an Incremental Module is attaching - to an internal network (per the ONAP definition, see Requirement TBD) - that is created in the Base Module, AND - * an IPv6 address is being cloud assigned by OpenStack's DHCP Service AND - * the internal network IPv6 subnet is to be specified - using the property ``fixed_ips`` map property ``subnet``/``subnet_id``, - -the parameter **MUST** follow the naming convention -``int_{network-role}_v6_subnet_id``, -where ``{network-role}`` is the network role of the internal network. - -Note that the parameter **MUST** be defined as an ``output`` parameter in -the base module.","Property: fixed_ips, Map Property: subnet_id",, -R-71493,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource **MUST** -contain the ``metadata`` map value parameter ``vf_module_id``.",vf_module_id,tests.test_servers_have_required_metadata,test_servers_have_required_metadata -R-99730,"The VNF **MUST** include the field ""Login ID"" in the Security -alarms (where applicable and technically feasible).",VNF Security Analytics Requirements,, -R-19624,"The xNF **MUST** encode and serialize content delivered to -ONAP using JSON (RFC 7159) plain text format. High-volume data -is to be encoded and serialized using `Avro `_, -where the Avro [#7.4.1]_ data format are described using JSON. - -Note: - - - JSON plain text format is preferred for moderate volume data sets - (option 1), as JSON has the advantage of having well-understood simple - processing and being human-readable without additional decoding. Examples - of moderate volume data sets include the fault alarms and performance - alerts, heartbeat messages, measurements used for xNF scaling and syslogs. - - Binary format using Avro is preferred for high volume data sets - (option 2) such as mobility flow measurements and other high-volume - streaming events (such as mobility signaling events or SIP signaling) - or bulk data, as this will significantly reduce the volume of data - to be transmitted. As of the date of this document, all events are - reported using plain text JSON and REST. - - Avro content is self-documented, using a JSON schema. The JSON schema is - delivered along with the data content - (http://avro.apache.org/docs/current/ ). This means the presence and - position of data fields can be recognized automatically, as well as the - data format, definition and other attributes. Avro content can be - serialized as JSON tagged text or as binary. In binary format, the - JSON schema is included as a separate data block, so the content is - not tagged, further compressing the volume. For streaming data, Avro - will read the schema when the stream is established and apply the - schema to the received content.",JSON,, -R-99110,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::VirtualNetwork`` Resource ID **MUST** use the naming convention - -1) ``int_{network-role}_network`` - -or - -2) ``int_{network-role}_RVN`` where RVN represents Resource Virtual - Network - -VNF Heat Orchestration Templates can only create internal networks. -There is no ``{index}`` after ``{network-role}`` because ``{network-role}`` -**MUST** be unique in the scope of the VNF's -Heat Orchestration Template.",OS::ContrailV2::VirtualNetwork,, -R-78116,"The xNF **MUST** update status on the Chef Server -appropriately (e.g., via a fail or raise an exception) if the -chef-client run encounters any critical errors/failures when -executing a xNF action.",Chef Roles/Requirements,, -R-83706,"When a VNF's Heat Orchestration Template's Virtual Machine -(i.e., ``OS::Nova::Server`` resource) boots from an image, the -``OS::Nova::Server`` resource property ``image`` **MUST** be used.",Boot Options,, -R-43253,"The xNF **MUST** use playbooks designed to allow Ansible -Server to infer failure or success based on the ""PLAY_RECAP"" capability. - -Note: There are cases where playbooks need to interpret results -of a task and then determine success or failure and return result -accordingly (failure for failed tasks).",Ansible Playbook Requirements,, -R-08134,"The xNF **MUST** conform to the NETCONF RFC 6241, -""NETCONF Configuration Protocol"".",NETCONF Server Requirements,, -R-92207,"The VNF **SHOULD** provide a mechanism for performing automated -system configuration auditing at configurable time intervals.",VNF General Security Requirements,, -R-93177,"When the VNF's Heat Orchestration Template's resource -``OS::Neutron::Port`` is attaching to an internal network (per the -ONAP definition, see Requirements R-52425 and R-46461), -and the internal network is created in the -same Heat Orchestration Template as the ``OS::Neutron::Port``, -the ``network`` property value **MUST** obtain the UUID -of the internal network by using the intrinsic function -``get_resource`` -and referencing the Resource ID of the internal network.",Property: network,tests.test_network_format_use_get_param_or_get_resource,test_network_format_use_get_param_or_get_resource -R-48987,"If the VNF's OAM Management IP Address is cloud assigned and -and the OAM IP Address is required to be inventoried in ONAP A&AI, -then the parameter **MUST** be obtained by the -resource ``OS::Neutron::Port`` -attribute ``ip_address``.",OAM Management IP Addresses,, -R-41825,"The VNF **MUST** activate security alarms automatically when -a configurable number of consecutive unsuccessful login attempts -is reached.",VNF Security Analytics Requirements,, -R-32695,"The VNF **MUST** provide the ability to modify the number of -retries, the time between retries and the behavior/action taken after -the retries have been exhausted for exception handling to allow the -NCSP to control that behavior, where the interface and/or functional -specification allows for altering behaviour.",Application Resilient Error Handling,, -R-59568,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``availability_zone`` parameter **MUST NOT** be enumerated in the Heat -Orchestration -Template's Environment File.",Property: availability_zone,tests.test_environment_file_parameters,test_nova_server_az_parameter_doesnt_exist_in_environment_file -R-13613,"The VNF **MUST** provide clear measurements for licensing -purposes to allow automated scale up/down by the management system.",Licensing Requirements,, -R-86261,The VNF **MUST NOT** allow vendor access to VNFs remotely.,VNF General Security Requirements,, -R-63473,"The VNF **MUST** automatically advertise newly scaled -components so there is no manual intervention required.",System Resource Optimization,, -R-85800,"When the VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property ``name`` parameter is defined as a ``comma_delimited_list``, -a parameter **MUST** be delcared once for all ``OS::Nova::Server`` resources -associated with the ``{vm-type}``.",Property: Name,, -R-68023,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -**SHOULD** -contain the ``metadata`` map value parameter ``vf_module_name``.",vf_module_name,, -R-25877,"A VNF's Heat Orchestration Template's parameter name -(i.e., ) **MUST** contain only alphanumeric -characters and underscores ('_').",,tests.test_heat_parameter_section,test_parameter_names -R-90022,"A VNF's Nested YAML file **MAY** be invoked more than -once by a VNF's Heat Orchestration Template.",Nested Heat Template Requirements,, -R-80374,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_name`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",vf_module_name,tests.test_environment_file_parameters,test_nova_server_vf_module_name_parameter_doesnt_exist_in_environment_file -R-19756,"If a VNF's Heat Orchestration Template -``OS::ContrailV2::InterfaceRouteTable`` resource -``interface_route_table_routes`` property -``interface_route_table_routes_route`` map property parameter -``{vm-type}_{network-role}_route_prefixes`` -**MUST** be defined as type ``json``.",Interface Route Table Prefixes for Contrail InterfaceRoute Table,, -R-30804,"A VNF's Heat Orchestration Template's Resource -``OS::Heat::MultipartMime`` -Resource ID -**MUST** -contain the ``{vm-type}``.",OS::Heat::MultipartMime,tests.test_multipart_mime_resource_id,test_multipart_mime -R-80070,"The VNF **MUST** handle errors and exceptions so that they do -not interrupt processing of incoming VNF requests to maintain service -continuity (where the error is not directly impacting the software -handling the incoming request).",Application Resilient Error Handling,, -R-53952,"A VNF's Heat Orchestration Template's Resource -**MUST NOT** reference a HTTP-based resource definitions.",type,, -R-76718,"If a VNF's Heat Orchestration Template uses the intrinsic function -``get_file``, the ``get_file`` target **MUST** be referenced in -the Heat Orchestration Template by file name.",Heat Files Support (get_file),, -R-22367,"The VNF **MUST** support detection of malformed packets due to -software misconfiguration or software vulnerability.",VNF Security Analytics Requirements,, -R-97726,"A VNF's Heat Orchestration Template's Base Module Output Parameter names -**MUST** contain ``{vm-type}`` and/or ``{network-role}`` when appropriate.",ONAP Base Module Output Parameters:,, -R-47874,"A VNF **MAY** have - * Only an IPv4 OAM Management IP Address - * Only an IPv6 OAM Management IP Address - * Both a IPv4 and IPv6 OAM Management IP Addresses",OAM Management IP Addresses,, -R-97445,"The VNF **MUST** log the field ""date/time"" in the security audit -logs.",VNF Security Analytics Requirements,, -R-41252,"The VNF **MUST** support the capability of online storage of -security audit logs.",VNF Security Analytics Requirements,, -R-87817,"When the VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property ``name`` parameter is defined as a ``comma_delimited_list``, -the parameter name **MUST** follow the naming convention -``{vm-type}_names``.",Property: Name,tests.test_nova_servers_vm_types,test_nova_server_name_parameter -R-37692,"The VNFC **MUST** provide API versioning to allow for -independent upgrades of VNFC.",VNF Design,, -R-78282,"The xNF **MUST** conform to the NETCONF RFC 6242, -""Using the Network Configuration Protocol over Secure Shell"".",NETCONF Server Requirements,, -R-05257,"A VNF's Heat Orchestration Template's **MUST NOT** -contain the Resource ``OS::Neutron::FloatingIP``.","VIP Assignment, External Networks, Supported by Automation",, -R-69610,"The VNF **MUST** provide the capability of using X.509 certificates -issued by an external Certificate Authority.",VNF Data Protection Requirements,, -R-77667,"The VNF **MUST** test for adherence to the defined performance -budget at each layer, during each delivery cycle so that the performance -budget is measured and feedback is provided where the performance budget -is not met.",Deployment Optimization,, -R-21210,"The VNF **MUST** implement the following input validation control -on APIs: Validate that any input file has a correct and valid -Multipurpose Internet Mail Extensions (MIME) type. Input files -should be tested for spoofed MIME types.",VNF API Security Requirements,, -R-01478,"The xNF Package **MUST** include documentation describing all -parameters that are available to monitor the xNF after instantiation -(includes all counters, OIDs, PM data, KPIs, etc.) that must be -collected for reporting purposes.",Resource Control Loop,, -R-72184,"The xNF **MUST** have routable FQDNs for all the endpoints -(VMs) of a xNF that contain chef-clients which are used to register -with the Chef Server. As part of invoking xNF actions, ONAP will -trigger push jobs against FQDNs of endpoints for a xNF, if required.",Chef Client Requirements,, -R-56218,"The VNF **MUST** support ONAP Controller's Migrate command that -moves container (VM) from a live Physical Server / Compute Node to -another live Physical Server / Compute Node. - - Note: Container migrations MUST be transparent to the VNF and no more intrusive than a stop, - followed by some down time for the migration to be performed from one Compute Node / Physical - Server to another, followed by a start of the same VM with same configuration on the new - Compute Node / Physical Server.",Virtual Function - Container Recovery Requirements,, -R-97201,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_int_{network-role}_v6_ip_{index}`` -**MUST** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-30932,"The VNF **MUST** log successful and unsuccessful access to VNF -resources, including data.",VNF Security Analytics Requirements,, -R-33488,"The VNF **MUST** protect against all denial of service -attacks, both volumetric and non-volumetric, or integrate with external -denial of service protection tools.",VNF API Security Requirements,, -R-86926,A VNF's incremental module **MAY** be used for scale out only.,ONAP VNF Modularity Overview,, -R-03954,"The VNF **MUST** survive any single points of failure within -the Network Cloud (e.g., virtual NIC, VM, disk failure).",All Layer Redundancy,, -R-75202,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``workload_context`` is passed into a -Nested YAML -file, the parameter name ``workload_context`` **MUST NOT** change.",workload_context,, -R-48917,"The VNF **MUST** monitor for and alert on (both sender and -receiver) errant, running longer than expected and missing file transfers, -so as to minimize the impact due to file transfer errors.",Monitoring & Dashboard,, -R-62468,"The xNF **MUST** allow all configuration data to be -edited through a NETCONF operation. Proprietary -NETCONF RPCs that make configuration changes are not sufficient.",NETCONF Server Requirements,, -R-04158,"The xNF **MUST** conform to the NETCONF RFC 4742, -""Using the NETCONF Configuration Protocol over Secure Shell (SSH)"".",NETCONF Server Requirements,, -R-49109,"The VNF **MUST** encrypt TCP/IP--HTTPS (e.g., TLS v1.2) -transmission of data on internal and external networks.",VNF Identity and Access Management Requirements,, -R-51910,"The xNF **MUST** provide all telemetry (e.g., fault event -records, syslog records, performance records etc.) to ONAP using the -model, format and mechanisms described in this section.",VNF telemetry via standardized interface,, -R-44290,"The xNF **MUST** control access to ONAP and to xNFs, and creation -of connections, through secure credentials, log-on and exchange mechanisms.",Security,, -R-48596,"The xNF Package **MUST** include documentation describing -the characteristics for the xNF reliability and high availability.",Resource Control Loop,, -R-96554,"The xNF **MUST** implement the protocol operation: -**unlock(target)** - Unlock the configuration datastore target.",NETCONF Server Requirements,, -R-70013,"The VNF **MUST NOT** require any manual steps to get it ready for -service after a container rebuild.",Application Resilient Error Handling,, -R-55802,"The VNF Package **MUST** include VM requirements via a Heat -template that provides the necessary data for scaling/growth VM -specifications. - -Note: Must comply with the *Heat requirements in 5.b*.","Compute, Network, and Storage Requirements",, -R-65134,"The VNF **SHOULD** maintain state in a geographically -redundant datastore that may, in fact, be its own VNFC.",VNF Design,, -R-39402,"A VNF's Heat Orchestration Template **MUST** contain the -section ``description:``.",description,tests.test_heat_template_structure,test_heat_template_structure_contains_description -R-39562,The VNF **MUST** disable unnecessary or vulnerable cgi-bin programs.,VNF Identity and Access Management Requirements,, -R-97529,"The xNF **SHOULD** implement the protocol operation: -**get-schema(identifier, version, format) -** Retrieve the YANG schema.",NETCONF Server Requirements,, -R-88536,"A VNF's Heat Orchestration Template's OS::Nova::Server -Resource **SHOULD** contain the metadata map value parameter -'environment_context'.",environment_context,, -R-41956,"If a VNF requires ONAP to assign a Virtual IP (VIP) Address to -ports connected an external network, the port -**MUST NOT** have more than one IPv6 VIP address.","VIP Assignment, External Networks, Supported by Automation",, -R-74481,"The VNF **MUST NOT** require the use of a dynamic routing -protocol unless necessary to meet functional requirements.",VNF Design,, -R-53598,"The xNF Package **MUST** include documentation to, when relevant, -provide a threshold crossing alert point for each KPI and describe the -significance of the threshold crossing.",Resource Control Loop,, -R-54930,"The VNF **MUST** implement the following input validation controls: -Do not permit input that contains content or characters inappropriate -to the input expected by the design. Inappropriate input, such as -SQL expressions, may cause the system to execute undesirable and -unauthorized transactions against the database or allow other -inappropriate access to the internal network (injection attacks).",VNF API Security Requirements,, -R-42207,"The VNF **MUST** design resiliency into a VNF such that the -resiliency deployment model (e.g., active-active) can be chosen at -run-time.",All Layer Redundancy,, -R-48356,"The VNF **MUST** fully exploit exception handling to the extent -that resources (e.g., threads and memory) are released when no longer -needed regardless of programming language.",Application Resilient Error Handling,, -R-98617,"The xNF provider **MUST** provide information regarding any -dependency (e.g., affinity, anti-affinity) with other xNFs and resources.",Resource Description,, -R-26371,"The VNF **MUST** detect communication failure for inter VNFC -instance and intra/inter VNF and re-establish communication -automatically to maintain the VNF without manual intervention to -provide service continuity.",Application Resilient Error Handling,, -R-96253,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::VirtualMachineInterface`` that is attaching to an external network -Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_{network-role}_vmi_{vmi_index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port (i.e. virtual machine interface) is attached to -* ``{vmi_index}`` is the instance of the the vmi on the vm-type - attached to the network of ``{network-role}``",OS::ContrailV2::VirtualMachineInterface,, -R-44125,"The xNF provider **MUST** agree to the process that can -be met by Service Provider reporting infrastructure. The Contract -shall define the reporting process and the available reporting tools.",Licensing Requirements,, -R-84123,"When - - * the VNF's Heat Orchestration Template's - resource ``OS::Neutron::Port`` in an Incremental Module is attaching - to an internal network (per the ONAP definition, see - Requirements R-52425 and R-46461) - that is created in the Base Module, AND - * an IPv4 address is being cloud assigned by OpenStack's DHCP Service AND - * the internal network IPv4 subnet is to be specified - using the property ``fixed_ips`` map property ``subnet``/``subnet_id``, - -the parameter **MUST** follow the naming convention - - * ``int_{network-role}_subnet_id`` - -where - - * ``{network-role}`` is the network role of the internal network - -Note that the parameter **MUST** be defined as an ``output`` parameter in -the base module.","Property: fixed_ips, Map Property: subnet_id",, -R-53317,"The xNF **MUST** conform its YANG model to RFC 6087, -""Guidelines for Authors and Reviewers of YANG Data Model Documents"".",NETCONF Server Requirements,, -R-73223,"The VNF **MUST** support proactive monitoring to detect and -report the attacks on resources so that the VNFs and associated VMs can -be isolated, such as detection techniques for resource exhaustion, namely -OS resource attacks, CPU attacks, consumption of kernel memory, local -storage attacks.",VNF Security Analytics Requirements,, -R-01359,"A VNF's Heat Orchestration Template that contains an ``OS::Nova:Server`` -Resource **MAY** define a parameter for the property -``availability_zone`` that is not utilized in any ``OS::Nova::Server`` -resources in the Heat Orchestration Template.",Property: availability_zone,, -R-91342,"A VNF Heat Orchestration Template's Base Module's Environment File -**MUST** be named identical to the VNF Heat Orchestration Template's -Base Module with ``.y[a]ml`` replaced with ``.env``.",Base Modules,tests.test_heat_pairs_provided,test_heat_pairs_provided -R-84517,"The Contrail GUI has a limitation displaying special characters. -The issue is documented in -https://bugs.launchpad.net/juniperopenstack/+bug/1590710. -It is recommended that special **SHOULD** characters be avoided. -However, if special characters must be used, note that for -the following resources: - -* Virtual Machine -* Virtual Network -* Port -* Security Group -* Policies -* IPAM Creation - -the only special characters supported -are - \"" ! $\ \ ' ( ) = ~ ^ | @ ` { } [ ] > , . _""",Contrail Issue with Values for the Property Name,, -R-49036,"The xNF **SHOULD** conform its YANG model to RFC 7277, -""A YANG Data Model for IP Management"".",NETCONF Server Requirements,, -R-92935,"The VNF **SHOULD** minimize the propagation of state information -across multiple data centers to avoid cross data center traffic.",Minimize Cross Data-Center Traffic,, -R-54517,"When a VNF's Heat Orchestration Template's resource is associated with -a single ``{vm-type}``, the Resource ID **MUST** contain the -``{vm-type}``.",Resource IDs,, -R-46096,"A VNF's Heat Orchestration template's Environment File's -**MAY** contain the ``encrypted_parameters:`` section.",Environment File Format,, -R-72871,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_id`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",vf_module_id,tests.test_environment_file_parameters,test_nova_server_vf_module_id_parameter_doesnt_exist_in_environment_file -R-18683,"If a VNF has one IPv4 OAM Management IP Address and the -IP Address needs to be inventoried in ONAP's A&AI -database, an output parameter **MUST** be declared in only one of the -VNF's Heat Orchestration Templates and the parameter **MUST** be named -``oam_management_v4_address``.",OAM Management IP Addresses,, -R-94525,"The VNF **MUST** log connections to the network listeners of the -resource.",VNF Security Analytics Requirements,, -R-35401,"The xNF **MUST** support SSH and allow SSH access by the -Ansible server for the endpoint VM(s) and comply with the Network -Cloud Service Provider guidelines for authentication and access.",Ansible Client Requirements,, -R-44723,The VNF **MUST** use symmetric keys of at least 112 bits in length.,VNF Cryptography Requirements,, -R-88540,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::InstanceIp`` -that is configuring an IPv6 Address on a sub-interface port attached to a -sub-interface network Resource ID **MUST** -use the naming convention - -* ``{vm-type}_{vm-type_index}_subint_{network-role}_vmi_{vmi_index}_v6_IP_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{vmi_index}`` is the instance of the the virtual machine interface - (e.g., port) on the vm-type - attached to the network of ``{network-role}`` -* ``v6_IP`` signifies that an IPv6 address is being configured -* ``{index}`` is the index of the IPv6 address",OS::ContrailV2::InstanceIp,, -R-97199,"A VNF's Heat Orchestration Template's OS::Nova::Server -resource **MUST** contain the attribute ""metadata"".",metadata,tests.test_servers_metadata_use_get_param,test_servers_metadata_use_get_param -R-56287,"If the VNF's OAM Management IP Address is assigned by ONAP SDN-C and -assigned in the VNF's Heat Orchestration Template's via a heat resource -``OS::Neutron::Port`` property ``fixed_ips`` map property -``ip_adress`` parameter (e.g., ``{vm-type}_{network-role}_ip_{index}``, -``{vm-type}_{network-role}_v6_ip_{index}``) -and the OAM IP Address is required to be inventoried in ONAP A&AI, -then the parameter **MUST** be echoed in an output statement. - -.. code-block:: yaml - - outputs: - oam_management_v4_address: - value: {get_param: {vm-type}_{network-role}_ip_{index} } - oam_management_v6_address: - value: {get_param: {vm-type}_{network-role}_v6_ip_{index} }",OAM Management IP Addresses,, -R-11041,"All parameters defined in a VNFs Nested YAML file -**MUST** be passed in as properties of the resource calling -the nested yaml file.",Nested Heat Template Requirements,, -R-27511,"The VNF provider **MUST** provide the ability to scale -up a VNF provider supplied product during growth and scale down a -VNF provider supplied product during decline without ""real-time"" -restrictions based upon VNF provider permissions.",Licensing Requirements,, -R-85235,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an internal network (per the -ONAP definition, see Requirement Requirements R-52425 and R-46461), -and an IPv4 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a -``comma_delimited_list``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_int_{network-role}_ips`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - ``OS::Nova::Server`` - * ``{network-role}`` is the {network-role} of the internal - network","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-53310,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::InstanceIp`` -that is configuring an IPv4 Address on a port attached to an external network -Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_{network-role}_vmi_{vmi_index}_IP_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the {vm-type} -* ``{network-role}`` is the network-role of the network that the port is attached to -* ``{vmi_index}`` is the instance of the the virtual machine interface - (e.g., port) on the vm-type attached to the network of {network-role} -* ``IP`` signifies that an IPv4 address is being configured -* ``{index}`` is the index of the IPv4 address",OS::ContrailV2::InstanceIp,, -R-63330,"The VNF **MUST** detect when its security audit log storage -medium is approaching capacity (configurable) and issue an alarm.",VNF Security Analytics Requirements,, -R-30654,"The xNF Package **MUST** have appropriate cookbooks that are -designed to automatically 'rollback' to the original state in case of -any errors for actions that change state of the xNF (e.g., configure).",Chef Roles/Requirements,, -R-30650,"The VNF **MUST** utilize cloud provided infrastructure and -VNFs (e.g., virtualized Local Load Balancer) as part of the VNF so -that the cloud can manage and provide a consistent service resiliency -and methods across all VNF's.",VNF Design,, -R-34726,"If a VNF's port is connected to an internal network and the port -is created in the same Heat Orchestration Template as the internal network, -then the port resource **MUST** use a 'get_resource' to obtain -the network UUID.",Internal Networks,, -R-09811,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_index`` **MUST NOT** -have parameter constraints defined.",vf_module_index,, -R-99798,"A VNF's Heat Orchestration Template's Virtual Machine -(i.e., ``OS::Nova::Server`` resource) **MAY** boot from an image or -**MAY** boot from a Cinder Volume.",Boot Options,, -R-16039,"The VNF **SHOULD** test for adherence to the defined -resiliency rating recommendation at each layer, during each -delivery cycle so that the resiliency rating is measured and -feedback is provided where software resiliency requirements are -not met.",Deployment Optimization,, -R-66070,"The xNF Package **MUST** include xNF Identification Data to -uniquely identify the resource for a given xNF provider. The identification -data must include: an identifier for the xNF, the name of the xNF as was -given by the xNF provider, xNF description, xNF provider, and version.",Resource Description,, -R-92571,"The VNF **MUST** provide operational instrumentation such as -logging, so as to facilitate quick resolution of issues with the VNF to -provide service continuity.",Monitoring & Dashboard,, -R-72483,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource **MUST** -contain the ``metadata`` map value parameter ``vnf_name``.",vnf_name,tests.test_servers_have_required_metadata,test_servers_have_required_metadata -R-17528,"A VNF's Heat Orchestration Template's first level Nested YAML file -**MUST NOT** contain more than one ``OS::Nova::Server`` resource. -A VNF's Heat Orchestration Template's second level Nested YAML file -**MUST NOT** contain an ``OS::Nova::Server`` resource.",Nested Heat Template Requirements,, -R-20547,"When an ONAP Volume Module Output Parameter is declared as an input -parameter in a base or an incremental module Heat Orchestration -Template, parameter constraints **MUST NOT** be declared.",ONAP Volume Module Output Parameters,, -R-99794,"An external network **MUST** have one subnet. An external network -**MAY** have more than one subnet.",External Networks,, -R-71152,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``image`` parameter **MUST** be declared as type: ``string``.",Property: image,tests.test_nova_servers_vm_types,test_nova_server_image_parameter -R-87352,"The VNF **SHOULD** utilize Cloud health checks, when available -from the Network Cloud, from inside the application through APIs to check -the network connectivity, dropped packets rate, injection, and auto failover -to alternate sites if needed.",Monitoring & Dashboard,, -R-56438,"A VNF's Heat Orchestration Template's Nested YAML file extension **MUST** -be in the lower case format ``.yaml`` or ``.yml``.",ONAP Heat Orchestration Template Filenames,tests.test_heat_pairs_provided,test_heat_pairs_provided -R-23664,"A VNF's Heat Orchestration template **MUST** -contain the section ``resources:``.",resources,tests.test_heat_template_structure,test_heat_template_structure_contains_resources -R-07251,The xNF **MUST** support ONAP Controller's **ResumeTraffic** command.,LifeCycle Management Related Commands,, -R-66793,"The xNF **MUST** guarantee the xNF configuration integrity -for all simultaneous configuration operations (e.g., if a change is -attempted to the BUM filter rate from multiple interfaces on the same -EVC, then they need to be sequenced in the xNF without locking either -configuration method out).",NETCONF Server Requirements,, -R-42018,"The xNF Package **MUST** include documentation which must include -all events (fault, measurement for xNF Scaling, Syslogs, State Change -and Mobile Flow), that need to be collected at each VM, VNFC (defined in `VNF Guidelines `__ ) and for the overall xNF.",Resource Control Loop,, -R-15884,"The VNF **MUST** include the field ""date"" in the Security alarms -(where applicable and technically feasible).",VNF Security Analytics Requirements,, -R-15885,"The xNF **MUST** Upon completion of the chef-client run, -POST back on the callback URL, a JSON object as described in Table -A2 if the chef-client run list includes a cookbook/recipe that is -callback capable. Failure to POST on the Callback Url should not be -considered a critical error. That is, if the chef-client successfully -completes the xNF action, it should reflect this status on the Chef -Server regardless of whether the Callback succeeded or not.",Chef Roles/Requirements,, -R-54340,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_index`` **MUST** -be declared as type: ``number``.",vf_module_index,, -R-08775,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::SecurityGroup`` -that is applicable to one ``{vm-type}`` and more than one network (internal -and/or external) Resource ID **SHOULD** use the naming convention - -* ``{vm-type}_security_group`` - -where - -* ``{vm-type}`` is the vm-type",OS::Neutron::SecurityGroup,, -R-22286,"The VNF **MUST** support Integration functionality via -API/Syslog/SNMP to other functional modules in the network (e.g., -PCRF, PCEF) that enable dynamic security control by blocking the -malicious traffic or malicious end users.",VNF Security Analytics Requirements,, -R-34055,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``workload_context`` **MUST NOT** -have parameter constraints defined.",workload_context,, -R-81214,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::InterfaceRouteTable`` -Resource ID -**MUST** -contain the ``{network-role}``.",OS::ContrailV2::InterfaceRouteTable,, -R-78380,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an internal network (per the -ONAP definition, see Requirements R-52425 and R-46461), -and an IPv4 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is -defined as a ``string``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_int_{network-role}_ip_{index}`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - OS::Nova::Server - * ``{network-role}`` is the {network-role} of the internal - network - * the value for ``{index`` must start at zero (0) and increment by one","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-22288,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``subnet``/``subnet_id`` parameter -``int_{network-role}_v6_subnet_id`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file -R-85653,"The xNF **MUST** provide metrics (e.g., number of sessions, -number of subscribers, number of seats, etc.) to ONAP for tracking -every license.",Licensing Requirements,, -R-88482,"The xNF **SHOULD** use REST using HTTPS delivery of plain -text JSON for moderate sized asynchronous data sets, and for high -volume data sets when feasible.",Addressing and Delivery Protocol,, -R-16241,"A VNF's internal network **MUST** have one subnet. -A VNF's internal network **MAY** have more than one subnet.",Internal Networks,, -R-21819,"The VNF **MUST** provide functionality that enables the Operator to comply -with requests for information from law enforcement and government agencies.",VNF General Security Requirements,, -R-05050,"A VNF's Heat Orchestration Templates intrinsic function -``get_file`` **MAY** be used: - - * more than once in a VNF's Heat Orchestration Template - * in two or more of a VNF's Heat Orchestration Templates - * in a VNF's Heat Orchestration Templates nested YAML file",Heat Files Support (get_file),, -R-12467,"The VNF **MUST NOT** use compromised encryption algorithms. -For example, SHA, DSS, MD5, SHA-1 and Skipjack algorithms. -Acceptable algorithms can be found in the NIST FIPS publications -(https://csrc.nist.gov/publications/fips) and in the -NIST Special Publications (https://csrc.nist.gov/publications/sp).",VNF Data Protection Requirements,, -R-12709,"The VNFC **SHOULD** be independently deployed, configured, -upgraded, scaled, monitored, and administered by ONAP.",VNF Design,, -R-12706,The xNF **MUST** support ONAP Controller's **QuiesceTraffic** command.,LifeCycle Management Related Commands,, -R-26115,"The xNF **MUST** follow the data model upgrade rules defined -in [RFC6020] section 10. All deviations from section 10 rules shall -be handled by a built-in automatic upgrade mechanism.",NETCONF Server Requirements,, -R-50816,"A VNF's Heat Orchestration Template's ``OS::Nova::Server Resource`` **MAY** -contain the metadata map value parameter ``vf_module_index``.",vf_module_index,, -R-22608,"When a VNF's Heat Orchestration Template's Base Module's output -parameter is declared as an input parameter in an Incremental Module, -the parameter attribute ``constraints:`` **MUST NOT** be declared.",ONAP Base Module Output Parameters,, -R-98191,"The xNF **MUST** vary the frequency that asynchronous data -is delivered based on the content and how data may be aggregated or -grouped together. - - Note: - - - For example, alarms and alerts are expected to be delivered as - soon as they appear. In contrast, other content, such as performance - measurements, KPIs or reported network signaling may have various - ways of packaging and delivering content. Some content should be - streamed immediately; or content may be monitored over a time - interval, then packaged as collection of records and delivered - as block; or data may be collected until a package of a certain - size has been collected; or content may be summarized statistically - over a time interval, or computed as a KPI, with the summary or KPI - being delivered. - - We expect the reporting frequency to be configurable depending on - the virtual network functions needs for management. For example, - Service Provider may choose to vary the frequency of collection - between normal and trouble-shooting scenarios. - - Decisions about the frequency of data reporting will affect - the size of delivered data sets, recommended delivery method, - and how the data will be interpreted by ONAP. These considerations - should not affect deserialization and decoding of the data, which - will be guided by the accompanying JSON schema or GPB definition - files.",Reporting Frequency,, -R-14447,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::ServiceTemplate`` -Resource ID **MAY** use the naming convention - -* ``{vm-type}_RST_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``RST`` signifies that it is the Resource Service Template -* ``{index}`` is is the index",OS::ContrailV2::ServiceTemplate,, -R-85991,"The xNF provider **MUST** provide a universal license key -per xNF to be used as needed by services (i.e., not tied to a VM -instance) as the recommended solution. The xNF provider may provide -pools of Unique xNF License Keys, where there is a unique key for -each xNF instance as an alternate solution. Licensing issues should -be resolved without interrupting in-service xNFs.",Licensing Requirements,, -R-71577,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement R-57424), -and an IPv6 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a string, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_{network-role}_v6_ip_{index}`` - - where - - * ``{vm-type}`` is the {vm-type} associated with the - OS::Nova::Server - * ``{network-role}`` is the {network-role} of the external - network - * the value for ``{index}`` must start at zero (0) and increment by one","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-56721,A VNF's Incremental Module **MAY** utilize nested heat.,Nested Heat Orchestration Templates Overview,, -R-37437,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` -resource property ``metadata`` **MUST** -contain the key/value pair ``vnf_id``.",vnf_id,tests.test_servers_have_required_metadata,test_servers_have_required_metadata -R-48247,The xNF **MUST** support ONAP Controller's **ConfigRestore** command.,Configuration Commands,, -R-32408,"If a VNF's Heat Orchestration Template property ``name`` -for a non ``OS::Nova::Server`` resource uses the intrinsic function -``str_replace`` in conjunction with the ONAP -supplied metadata parameter ``vnf_name`` and does not create -a unique value, additional data **MUST** be used in the -``str_replace`` to create a unique value, such as ``OS::stack_name`` -and/or the ``OS::Heat::ResourceGroup`` ``index``.",Resource Property “name”,, -R-70112,"A VNF's Heat Orchestration Template **MUST** reference a Nested YAML -file by name. The use of ``resource_registry`` in the VNF's Heat -Orchestration Templates Environment File **MUST NOT** be used.",Nested Heat Template Requirements,, -R-30278,"The xNF provider **MUST** provide a Resource/Device YANG model -as a foundation for creating the YANG model for configuration. This will -include xNF attributes/parameters and valid values/attributes configurable -by policy.",Configuration Management via NETCONF/YANG,, -R-93030,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_{network-role}_v6_ips`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-47849,"The xNF provider **MUST** support the metadata about -licenses (and their applicable entitlements) as defined in this -document for xNF software, and any license keys required to authorize -use of the xNF software. This metadata will be used to facilitate -onboarding the xNF into the ONAP environment and automating processes -for putting the licenses into use and managing the full lifecycle of -the licenses. The details of this license model are described in -Tables C1 to C8 in the Appendix. - -Note: License metadata support in ONAP is not currently available -and planned for 1Q 2018.",Licensing Requirements,, -R-06924,"The xNF **MUST** deliver asynchronous data as data becomes -available, or according to the configured frequency.",Asynchronous and Synchronous Data Delivery,, -R-03465,"The xNF **MUST** release locks to prevent permanent lock-outs -when the corresponding operation succeeds.",NETCONF Server Requirements,, -R-58301,"The xNF **SHOULD NOT** use playbooks that make requests to -Cloud resources e.g. Openstack (nova, neutron, glance, heat, etc.); -therefore, there is no use for Cloud specific variables like Openstack -UUIDs in Ansible Playbooks. - -Rationale: Flows that require interactions with Cloud services e.g. -Openstack shall rely on workflows run by an Orchestrator -(Change Management) or other capability (such as a control loop or -Operations GUI) outside Ansible Server which can be executed by a -Controller such as APPC. There are policies, as part of Control Loop -models, that send remediation action requests to APPC; these are -triggered as a response to an event or correlated events published -to Event Bus.",Ansible Playbook Requirements,, -R-84879,"The xNF **MUST** have the capability of maintaining a primary -and backup DNS name (URL) for connecting to ONAP collectors, with the -ability to switch between addresses based on conditions defined by policy -such as time-outs, and buffering to store messages until they can be -delivered. At its discretion, the service provider may choose to populate -only one collector address for a xNF. In this case, the network will -promptly resolve connectivity problems caused by a collector or network -failure transparently to the xNF.",Addressing and Delivery Protocol,, -R-87247,"VNF Heat Orchestration Template's Incremental Module file name -**MUST** contain only alphanumeric characters and underscores -'_' and **MUST NOT** contain the case insensitive word ``base``.",Incremental Modules,tests.test_base_template_names,test_base_template_names -R-70276,"A VNF HEAT's Orchestration Nested Template's YAML file name **MUST NOT** -be in the format ``{vm-type}.y[a]ml`` where ``{vm-type}`` is defined -in the Heat Orchestration Template.",Nested Heat file,, -R-02597,"The xNF **MUST** implement the protocol operation: -**lock(target)** - Lock the configuration datastore target.",NETCONF Server Requirements,, -R-24269,"The xNF **SHOULD** conform its YANG model to RFC 7407, -""A YANG Data Model for SNMP Configuration"", if Netconf used to -configure SNMP engine.",NETCONF Server Requirements,, -R-44896,"The VNF Package **MUST** include VM requirements via a Heat -template that provides the necessary data for high availability -redundancy model.","Compute, Network, and Storage Requirements",, -R-20860,"The VNF **MUST** be agnostic to the underlying infrastructure -(such as hardware, host OS, Hypervisor), any requirements should be -provided as specification to be fulfilled by any hardware.",VNF Devops,, -R-440220,"The xNF **SHOULD** support File transferring protocol, such as FTPES or SFTP, -when supporting the event-driven bulk transfer of monitoring data.",Bulk Performance Measurement,, -R-50468,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::VirtualMachineInterface`` that is attaching to an internal network -Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_int_{network-role}_vmi_{vmi_index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port (i.e. virtual machine interface) is attached to -* ``{vmi_index}`` is the instance of the the vmi on the vm-type - attached to the network of ``{network-role}``",OS::ContrailV2::VirtualMachineInterface,, -R-46290,"The xNF **MUST** respond to an ONAP request to deliver granular -data on device or subsystem status or performance, referencing the YANG -configuration model for the xNF by returning the requested data elements.",Asynchronous and Synchronous Data Delivery,, -R-70757,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vm_role`` is passed into a Nested YAML -file, the parameter name ``vm_role`` **MUST NOT** change.",vm_role,, -R-59434,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Subnet`` -Resource ID **SHOULD** use the naming convention - -* ``int_{network-role}_subnet_{index}`` - -where - -* ``{network-role}`` is the network-role -* ``{index}`` is the ``{index}`` of the subnet of the network",OS::Neutron::Subnet,, -R-94978,"The VNF **MUST** provide a mechanism and tool to perform a graceful -shutdown of all the containers (VMs) in the VNF without impacting service -or service quality assuming another VNF in same or other geographical -location can take over traffic and process service requests.",Application Resilient Error Handling,, -R-36280,"The xNF provider **MUST** provide documentation describing -xNF Functional Capabilities that are utilized to operationalize the -xNF and compose complex services.",Resource Description,, -R-44001,"A VNF's Heat Orchestration Template parameter declaration **MUST** -contain the attribute ``description``.",description,tests.test_heat_template_parameters_contain_required_fields,test_heat_template_parameters_contain_required_fields -R-02360,"The VNFC **MUST** be designed as a standalone, executable process.",VNF Design,, -R-00098,"The VNF **MUST NOT** impact the ability of the VNF to provide -service/function due to a single container restart.",All Layer Redundancy,, -R-78569,"VNF's Heat Orchestration Template's Resource **MAY** declare the -attribute ``external_id:``.",external_id,, -R-38001,The VNF **MUST** support ONAP Controller's **Rebuild** command.,Virtual Function - Container Recovery Requirements,, -R-42874,"The VNF **MUST** allow the Operator to restrict access based on -the assigned permissions associated with an ID in order to support -Least Privilege (no more privilege than required to perform job -functions).",VNF Identity and Access Management Requirements,, -R-82115,"When a VNF's Heat Orchestration Template's resource is associated with a -single ``{vm-type}`` -and a single external network, the Resource ID text **MUST** contain both -the ``{vm-type}`` -and the ``{network-role}`` - -- the ``{vm-type}`` **MUST** appear before the ``{network-role}`` and - **MUST** be separated by an underscore '_' - - - - e.g., ``{vm-type}_{network-role}``, ``{vm-type}_{index}_{network-role}`` - - -- note that an ``{index}`` value **MAY** separate the ``{vm-type}`` and the - ``{network-role}`` and when this occurs underscores **MUST** separate the - three values. (e.g., ``{vm-type}_{index}_{network-role}``).",Resource IDs,, -R-83418,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``allowed_address_pairs`` -map property ``ip_address`` parameter -``{vm-type}_{network-role}_floating_v6_ip`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","VIP Assignment, External Networks, Supported by Automation",tests.test_environment_file_parameters,test_neutron_port_aap_ip_parameter_doesnt_exist_in_environment_file -R-51442,"The xNF **SHOULD** use playbooks that are designed to -automatically 'rollback' to the original state in case of any errors -for actions that change state of the xNF (e.g., configure). - - Note: In case rollback at the playbook level is not supported or - possible, the xNF provider shall provide alternative locking - mechanism (e.g., for a small xNF the rollback mechanism may rely - on workflow to terminate and re-instantiate VNF VMs and then re-run - playbook(s)). Backing up updated files also recommended to support - rollback when soft rollback is feasible.",Ansible Playbook Requirements,, -R-02164,"When a VNF's Heat Orchestration Template's Contrail resource -has a property that -references an external network that requires the network's -Fully Qualified Domain Name (FQDN), the property parameter - -* **MUST** follow the format ``{network-role}_net_fqdn`` -* **MUST** be declared as type ``string`` -* **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's - Environment File",External Networks,, -R-39841,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_{network-role}_ip_{index}`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-24997,"A VNF's Heat Orchestration Template's Resource ``OS::Nova::Keypair`` applies to -one ``{vm-type}`` Resource ID **SHOULD** use the naming convention - -* ``{vm-type}_keypair_{index}`` - -where - -* ``{network-role}`` is the network-role -* ``{index}`` is the ``{index}`` of the keypair",OS::Nova::Keypair,, -R-73067,"The VNF **MUST** use NIST and industry standard cryptographic -algorithms and standard modes of operations when implementing -cryptography.",VNF Data Protection Requirements,, -R-61354,"The VNF **MUST** provide a mechanism (e.g., access control list) to -permit and/or restrict access to services on the VNF by source, -destination, protocol, and/or port.",VNF General Security Requirements,, -R-15287,"When the VNF's Heat Orchestration Template's -resource ``OS::Neutron::Port`` is attaching -to an external network (per the ONAP definition, see -Requirement R-57424), -and an IPv6 address is being cloud assigned by OpenStack's DHCP Service -and the external network IPv6 subnet is to be specified -using the property ``fixed_ips`` -map property ``subnet``/``subnet_id``, the parameter -**MUST** follow the naming convention - - * ``{network-role}_v6_subnet_id`` - -where - - * ``{network-role}`` is the network role of the network.","Property: fixed_ips, Map Property: subnet_id",, -R-36843,"The VNF **MUST** support the ability of the VNFC to be deployable -in multi-zoned cloud sites to allow for site support in the event of cloud -zone failure or upgrades.",All Layer Redundancy,, -R-73285,"The xNF **MUST** must encode, address and deliver the data -as described in the previous paragraphs.",Asynchronous and Synchronous Data Delivery,, -R-49145,"The xNF **MUST** implement **:confirmed-commit** If -**:candidate** is supported.",NETCONF Server Requirements,, -R-44318,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vnf_name`` **MUST NOT** -have parameter constraints defined.",vnf_name,tests.test_required_parameters_no_constraints,test_required_parameters_no_constraints -R-76901,"The VNF **MUST** support a container rebuild mechanism based on existing -image (e.g. Glance image in Openstack environment) or a snapshot.",Virtual Function - Container Recovery Requirements,, -R-59482,"A VNF's Heat Orchestration Template **MUST NOT** be VNF instance -specific or cloud site specific.",Scope of a Heat Orchestration Template,, -R-69431,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``flavor`` parameter **MUST** be enumerated in the Heat Orchestration -Template's Environment File and a value **MUST** be assigned.",Property: flavor,tests.test_environment_file_parameters,test_nova_server_flavor_parameter_exists_in_environment_file -R-73560,"The xNF Package **MUST** include documentation about monitoring -parameters/counters exposed for virtual resource management and xNF -application management.",Resource Control Loop,, -R-96634,"The xNF provider **MUST** describe scaling capabilities -to manage scaling characteristics of the xNF.","Compute, Network, and Storage Requirements",, -R-62187,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::InstanceIp`` -that is configuring an IPv4 Address on a port attached to an internal network -Resource ID **MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_int_{network-role}_vmi_{vmi_index}_IP_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{vmi_index}`` is the instance of the the virtual machine interface - (e.g., port) on the vm-type - attached to the network of ``{network-role}`` -* ``IP`` signifies that an IPv4 address is being configured -* ``{index}`` is the index of the IPv4 address",OS::ContrailV2::InstanceIp,, -R-30753,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::NetworkIpam`` -Resource ID -**MUST** -contain the ``{network-role}``.",OS::ContrailV2::NetworkIpam,, -R-82551,"When a VNF's Heat Orchestration Template's resource is associated with a -single ``{vm-type}`` and a single internal network, the Resource ID **MUST** -contain both the ``{vm-type}`` and the ``int_{network-role}`` and - -- the ``{vm-type}`` **MUST** appear before the ``int_{network-role}`` and - **MUST** be separated by an underscore '_' - - - (e.g., ``{vm-type}_int_{network-role}``, - ``{vm-type}_{index}_int_{network-role}``) - -- note that an ``{index}`` value **MAY** separate the - ``{vm-type}`` and the ``int_{network-role}`` and when this occurs - underscores **MUST** separate the three values. - (e.g., ``{vm-type}_{index}_int_{network-role}``).",Resource IDs,, -R-16560,"The VNF **SHOULD** conduct a resiliency impact assessment for all -inter/intra-connectivity points in the VNF to provide an overall resiliency -rating for the VNF to be incorporated into the software design and -development of the VNF.",Monitoring & Dashboard,, -R-01382,"The xNF **MUST** allow the entire configuration of the xNF to be -retrieved via NETCONF's and , independently -of whether it was configured via NETCONF or other mechanisms.",NETCONF Server Requirements,, -R-59930,"A VNF's Heat Orchestration template's Environment File's -**MAY** contain the ``parameter_defaults:`` section.",Environment File Format,, -R-88863,"A VNF's Heat Orchestration Template's parameter defined -in a non-nested YAML file as type -``number`` **MUST** have a parameter constraint of ``range`` or -``allowed_values`` defined.",constraints,tests.test_heat_numeric_parameters,test_numeric_parameter -R-88026,"The xNF **MUST** include a NETCONF server enabling -runtime configuration and lifecycle management capabilities.",Configuration Management,, -R-70933,"The VNF **MUST** provide the ability to migrate to newer -versions of cryptographic algorithms and protocols with minimal impact.",VNF Data Protection Requirements,, -R-99174,"The VNF **MUST** allow the creation of multiple IDs so that -individual accountability can be supported.",VNF Identity and Access Management Requirements,, -R-74958,"The VNF **MUST** activate security alarms automatically when -it detects an unsuccessful attempt to gain permissions -or assume the identity of another user.",VNF Security Analytics Requirements,, -R-47068,"The xNF **MAY** expose a single endpoint that is -responsible for all functionality.",Chef Client Requirements,, -R-23035,"The VNF **MUST** be designed to scale horizontally (more -instances of a VNF or VNFC) and not vertically (moving the existing -instances to larger VMs or increasing the resources within a VM) -to achieve effective utilization of cloud resources.",VNF Design,, -R-23740,"The VNF **MUST** implement and enforce the principle of least privilege -on all protected interfaces.",VNF General Security Requirements,, -R-47061,"A VNF's Heat Orchestration Template's OS::Nova::Server -Resource **SHOULD** contain the metadata map value parameter -'workload_context'.",workload_context,, -R-69565,"The xNF Package **MUST** include documentation describing xNF -Management APIs, which must include information and tools for ONAP to -deploy and configure (initially and ongoing) the xNF application(s) -(e.g., NETCONF APIs) which includes a description of configurable -parameters for the xNF and whether the parameters can be configured -after xNF instantiation.",Resource Description,, -R-35532,"The VNF **SHOULD** release and clear all shared assets (memory, -database operations, connections, locks, etc.) as soon as possible, -especially before long running sync and asynchronous operations, so as -to not prevent use of these assets by other entities.",System Resource Optimization,, -R-46823,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vm_role`` **MUST** -be either - - * enumerated in the VNF's Heat Orchestration Template's environment - file. - - * hard coded in the VNF's - Heat Orchestration Template's ``OS::Nova::Server`` Resource - ``metadata`` property.",vm_role,, -R-46986,"The VNF **SHOULD** have source code scanned using scanning -tools (e.g., Fortify) and provide reports.",VNF General Security Requirements,, -R-76014,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::ServiceHealthCheck`` -Resource ID -**MUST** -contain the ``{vm-type}``.",OS::ContrailV2::ServiceHealthCheck,, -R-34484,"The VNF **SHOULD** create a single component VNF for VNFCs -that can be used by other VNFs.",VNF Design,, -R-27469,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -that is creating a *Reserve Port* with an IPv4 address Resource ID **MUST** -use the naming convention - -* ``reserve_port_{vm-type}_{network-role}_floating_ip_{index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{index}`` is the instance of the IPv4 *Reserve Port* - for the vm-type attached to the network of ``{network-role}``",OS::Neutron::Port,, -R-48067,"A VNF's Heat Orchestration Template's ``{vm-type}`` **MUST NOT** be a -substring -of ``{network-role}``.",{vm-type},tests.test_nova_servers_vm_types,test_vm_type_network_role_collision -R-52530,"A VNF's Heat Orchestration Template's Nested YAML file -**MUST** be in the same directory hierarchy as the VNF's Heat -Orchestration Templates.",Nested Heat Template Requirements,, -R-90748,"A VNF's Heat Orchestration Template's Resource OS::Heat::CinderVolume -**MAY** be defined in an Incremental Module.",ONAP VNF Modularity Overview,, -R-79107,"The VNF **MUST**, if not integrated with the Operator's Identity -and Access Management system, support the ability to disable the -userID after a configurable number of consecutive unsuccessful -authentication attempts using the same userID.",VNF Identity and Access Management Requirements,, -R-46960,"NCSPs **MAY** operate a limited set of Guest OS and CPU -architectures and families, virtual machines, etc.",VNF Devops,, -R-67918,"The VNF **MUST** handle replication race conditions both locally -and geo-located in the event of a data base instance failure to maintain -service continuity.",Application Resilient Error Handling,, -R-73228,"A VNF's Heat Orchestration Template's parameter -``{network-role}_net_fqdn`` -**MUST** be declared as type ``string``.",External Networks,, -R-46968,"VNF's Heat Orchestration Template's Resource **MAY** declare the -attribute ``depends_on:``.",depends_on,, -R-43740,"VNF's Heat Orchestration Template's Resource **MAY** declare the -attribute ``deletion_policy:``.",deletion_policy,, -R-39067,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_name`` **MUST** -be declared as type: ``string``.",vf_module_name,, -R-63935,"The xNF **MUST** release locks to prevent permanent lock-outs -when a user configured timer has expired forcing the NETCONF SSH Session -termination (i.e., product must expose a configuration knob for a user -setting of a lock expiration timer).",NETCONF Server Requirements,, -R-86285,"A VNF's Heat Orchestration template **MUST** have a -corresponding environment file.",Environment File Format,tests.test_heat_pairs_provided,test_heat_pairs_provided -R-82481,"A VNF's Heat Orchestration Template's Resource property parameter that is -associated with a unique Virtual Machine type **MUST** include -``{vm-type}`` as part of the parameter name with two exceptions: - - 1.) The Resource ``OS::Nova::Server`` property ``availability_zone`` - parameter **MUST NOT** be prefixed with a common ``{vm-type}`` identifier, - - 2.) The Resource ``OS::Nova::Server`` eight mandatory and optional - ``metadata`` - parameters (i.e., ``vnf_name``, ``vnf_id``, ``vf_module_id``, - ``vf_module_name``, ``vm_role``, - ``vf_module_index``, ``environment_context``, ``workload_context``) - **MUST NOT** be prefixed with a common ``{vm-type}`` identifier.",{vm-type},, -R-83677,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``subnet``/``subnet_id`` parameter -``{network-role}_subnet_id`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file -R-20453,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -that is attaching to an external network Resource ID -**MUST** use the naming convention - -* ``{vm-type}_{vm-type_index}_{network-role}_port_{port-index}`` - -where - -* ``{vm-type}`` is the vm-type -* ``{vm-type_index}`` is the instance of the ``{vm-type}`` -* ``{network-role}`` is the network-role of the network - that the port is attached to -* ``{port-index}`` is the instance of the the port on the vm-type - attached to the network of ``{network-role}``",OS::Neutron::Port,tests.test_port_resource_ids,test_port_resource_ids -R-94084,The xNF **MUST** support ONAP Controller's **ConfigScaleOut** command.,Configuration Commands,, -R-16447,"A VNF's **MUST** be unique across all Heat -Orchestration Templates and all HEAT Orchestration Template -Nested YAML files that are used to create the VNF.",resource ID,tests.test_unique_resources_across_all_templates,test_unique_resources_across_all_yaml_files -R-79817,"A VNF's Heat Orchestration Template's parameter defined -in a non-nested YAML file as -type ``comma_delimited_list`` **MAY** have a parameter constraint defined.",constraints,, -R-22888,"The xNF provider **MUST** provide documentation for the xNF -Policy Description to manage the xNF runtime lifecycle. The document -must include a description of how the policies (conditions and actions) -are implemented in the xNF.",Resource Control Loop,, -R-92866,"The xNF **MUST** include as part of post-instantiation configuration -done by Ansible Playbooks the removal/update of the SSH public key from -/root/.ssh/authorized_keys, and update of SSH keys loaded through -instantiation to support Ansible. This may include download and install of -new SSH keys and new mechanized IDs.",Ansible Client Requirements,, -R-19768,"The VNF **SHOULD** support Layer 3 VPNs that enable segregation of -traffic by application (i.e., AVPN, IPSec VPN for Internet routes).",VNF General Security Requirements,, -R-07617,"The VNF **MUST** log success and unsuccessful creation, removal, or -change to the inherent privilege level of users.",VNF Security Analytics Requirements,, -R-91810,"If a VNF requires ONAP to assign a Virtual IP (VIP) Address to -ports connected an external network, the port -**MUST NOT** have more than one IPv4 VIP address.","VIP Assignment, External Networks, Supported by Automation",, -R-10353,"The xNF **MUST** conform its YANG model to RFC 6244, -""An Architecture for Network Management Using NETCONF and YANG"".",NETCONF Server Requirements,, -R-79952,"The VNF **SHOULD** support container snapshots if not for rebuild -and evacuate for rollback or back out mechanism.",All Layer Redundancy,, -R-28980,A VNF's incremental module **MAY** be used for initial VNF deployment only.,ONAP VNF Modularity Overview,, -R-50436,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``flavor`` parameter **MUST** be declared as type: ``string``.",Property: flavor,tests.test_nova_servers_vm_types,test_nova_server_flavor_parameter -R-59610,"The xNF **MUST** implement the data model discovery and -download as defined in [RFC6022].",NETCONF Server Requirements,, -R-56904,"The VNF **MUST** interoperate with the ONAP (SDN) Controller so that -it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual -routing and forwarding rules.",VNF General Security Requirements,, -R-82732,"A VNF Heat Orchestration Template's Cinder Volume Module **MUST** -be named identical to the base or incremental module it is supporting with -``_volume`` appended.",Cinder Volume Modules,tests.test_volume_outputs_consumed,test_volume_module_name_matches_incremental_or_base_module -R-46461,"A VNF's port connected to an internal network **MUST NOT** connect -the port to VMs in another VNF and/or an external gateway and/or -external router.",Internal Networks,, -R-69588,"When a VNF's Heat Orchestration Template's Virtual Machine -(i.e., ``OS::Nova::Server`` Resource) boots from Cinder Volume, the -``OS::Nova::Server`` resource property -``block_device_mapping`` or ``block_device_mapping_v2`` -**MUST** be used.",Boot Options,, -R-62177,"When using the intrinsic function get_file, the included files -**MUST** have unique file names within the scope of the VNF.",Heat Files Support (get_file),, -R-20353,"The xNF **MUST** implement both **:candidate** and -**:writable-running** capabilities. When both **:candidate** and -**:writable-running** are provided then two locks should be supported.",NETCONF Server Requirements,, -R-62170,"The xNF **MUST** over-ride any default values for -configurable parameters that can be set by ONAP in the roles, -cookbooks and recipes.",Chef Roles/Requirements,, -R-69634,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``subnet``/``subnet_id`` parameter -``int_{network-role}_subnet_id`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file -R-07507,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` -resource property -``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST** -be declared as type: ``string``.",vnf_id,, -R-75608,"The xNF provider **MUST** provide playbooks to be loaded -on the appropriate Ansible Server.",Configuration Management via Ansible,, -R-32636,"The VNF **MUST** support API-based monitoring to take care of -the scenarios where the control interfaces are not exposed, or are -optimized and proprietary in nature.",VNF Security Analytics Requirements,, -R-83015,"A VNF's ``{network-role}`` assigned to an external network **MUST** -be different than the ``{network-role}`` assigned to the VNF's -internal networks, if internal networks exist.",External Networks,, -R-40499,"Each VNF's Heat Orchestration Template's ``{vm-type}`` **MUST** -have a unique parameter name for the ``OS::Nova::Server`` property -``flavor`` even if more than one ``{vm-type}`` shares the same flavor.",Property: flavor,tests.test_nova_servers_resource_ids,test_nova_servers_valid_resource_ids -R-98374,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_id`` **MUST NOT** -have parameter constraints defined.",vf_module_id,tests.test_required_parameters_no_constraints,test_required_parameters_no_constraints -R-23882,"The VNF **SHOULD** provide the capability for the Operator to run security -vulnerability scans of the operating system and all application layers.",VNF General Security Requirements,, -R-93860,"The VNF **SHOULD** provide the capability to integrate with an -external encryption service.",VNF Cryptography Requirements,, -R-28189,"A VNF's Heat Orchestration Template's Resource -``OS::ContrailV2::InterfaceRouteTable`` -Resource ID **MAY** use the naming convention - -* ``{network-role}_RIRT`` - -where - -* ``{network-role}`` is the network-role -* ``RIRT`` signifies that it is the Resource Interface Route Table",OS::ContrailV2::InterfaceRouteTable,, -R-44281,"The xNF **MUST** implement the protocol operation: -**edit-config(target, default-operation, test-option, error-option, -config)** - Edit the target configuration datastore by merging, -replacing, creating, or deleting new config elements.",NETCONF Server Requirements,, -R-43413,"A VNF **MUST** utilize a modular Heat Orchestration Template design to -support scaling (growth/de-growth).",Support of heat stack update,, -R-84457,"A VNF's Heat Orchestration Template's Resource ``OS::ContrailV2::PortTuple`` -Resource ID **MAY** use the naming convention - -* ``{vm-type}_RPT`` - -where - -* ``{vm-type}`` is the vm-type -* ``RPT`` signifies that it is the Resource Port Tuple",OS::ContrailV2::PortTuple,, -R-58670,"The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` -property -``image`` parameter name **MUST** follow the naming convention -``{vm-type}_image_name``.",Property: image,, -R-84322,"A VNF's Heat Orchestration Template's Resource property parameter that -is associated with an internal network **MUST** include -``int_{network-role}`` as part of the parameter name, -where ``int_`` is a hard coded string.",{network-role},tests.test_port_resource_ids,test_port_resource_ids -R-92635,"A VNF's Heat Orchestration Template **MUST** be compliant with the -OpenStack Template Guide.",ONAP Heat Orchestration Template Format,, -R-33904,"The xNF Package **MUST** include documentation for each KPI, provide -lower and upper limits.",Resource Control Loop,, -R-98391,"The VNF **MUST**, if not integrated with the Operator's Identity and -Access Management system, support Role-Based Access Control to enforce -least privilege.",VNF Identity and Access Management Requirements,, -R-52870,"The VNF **MUST** provide a method of metrics gathering -and analysis to evaluate the resiliency of the software from both -a granular as well as a holistic standpoint. This includes, but is -not limited to thread utilization, errors, timeouts, and retries.",Monitoring & Dashboard,, -R-68200,"The xNF **MUST** support the **:url** value to specify -protocol operation source and target parameters. The capability URI -for this feature will indicate which schemes (e.g., file, https, sftp) -that the server supports within a particular URL value. The 'file' -scheme allows for editable local configuration databases. The other -schemes allow for remote storage of configuration databases.",NETCONF Server Requirements,, -R-93496,"The VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -property ``fixed_ips`` -map property ``ip_address`` -parameter associated with an internal network, i.e., - - * ``{vm-type}_int_{network-role}_ip_{index}`` - * ``{vm-type}_int_{network-role}_ip_v6_{index}`` - * ``{vm-type}_int_{network-role}_ips`` - * ``{vm-type}_int_{network-role}_v6_ips`` - - -**MUST** be enumerated in the Heat Orchestration -Template's Environment File and IP addresses **MUST** be -assigned.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-95430,"A VNF's Heat Orchestration Template's OS::Nova::Server Resource -``metadata`` map value parameter ``vm_role`` **MUST** -be declared as type: ``string``.",vm_role,, -R-77334,"The VNF **MUST** allow configurations and configuration parameters -to be managed under version control to ensure consistent configuration -deployment, traceability and rollback.",Application Configuration Management,, -R-52499,"The VNF **MUST** meet their own resiliency goals and not rely -on the Network Cloud.",All Layer Redundancy,, -R-24893,"A VNF's Heat Orchestration template's Environment File's -**MAY** contain the ``event_sinks:`` section.",Environment File Format,, -R-64713,"The VNF **SHOULD** support a software promotion methodology -from dev/test -> pre-prod -> production in software, development & -testing and operations.",VNF Devops,, -R-20856,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` -resource property -``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",vnf_id,tests.test_environment_file_parameters,test_nova_server_vnf_id_parameter_doesnt_exist_in_environment_file -R-00068,"The xNF Package **MUST** include documentation which includes -a description of parameters that can be monitored for the xNF -and event records (status, fault, flow, session, call, control -plane, etc.) generated by the xNF after instantiation.",Resource Description,, -R-58370,"The VNF **MUST** operate with anti-virus software which produces -alarms every time a virus is detected.",VNF Security Analytics Requirements,, -R-87096,"A VNF **MAY** contain zero, one or more than one internal networks.",Internal Networks,, -R-17334,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::SecurityGroup`` -that is applicable to one ``{vm-type}`` and one external network Resource ID -**SHOULD** use the naming convention - -* ``{vm-type}_{network-role}_security_group`` - -where - -* ``{vm-type}`` is the vm-type -* ``{network-role}`` is the network-role",OS::Neutron::SecurityGroup,, -R-73468,"The xNF **MUST** allow the NETCONF server connection -parameters to be configurable during virtual machine instantiation -through Heat templates where SSH keys, usernames, passwords, SSH -service and SSH port numbers are Heat template parameters.",NETCONF Server Requirements,, -R-15189,"A VNF's Heat Orchestration Template's Resource ``OS::Nova::ServerGroup`` Resource ID -**MAY** use the naming convention - -* ``{vm-type}_RSG`` - -or - -* ``{vm-type}_Server_Grp`` - -or - -* ``{vm-type}_ServerGroup`` - -or - -* ``{vm-type}_servergroup``",OS::Nova::ServerGroup,, -R-68936,"When a VNF creates an internal network, a network role, referred to as -the ``{network-role}`` **MUST** be assigned to the internal network -for use in the VNF's Heat Orchestration Template.",Internal Networks,tests.test_port_resource_ids,test_port_resource_ids -R-31141,"VNF Heat Orchestration Template's Cinder Volume Module's Environment File -**MUST** be named identical to the VNF Heat Orchestration Template's -Cinder Volume Module with ``.y[a]ml`` replaced with ``.env``.",Cinder Volume Modules,tests.test_heat_pairs_provided,test_heat_pairs_provided -R-99656,"The VNF **MUST** NOT terminate stable sessions if a VNFC -instance fails.",VNF Design,, -R-20974,"At orchestration time, the VNF's Base Module **MUST** -be deployed first, prior to any incremental modules.",ONAP VNF Modularity Overview,, -R-62954,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server Resource`` -``metadata`` map value parameter ``environment_context`` is passed into a -Nested YAML -file, the parameter name ``environment_context`` **MUST NOT** change.",environment_context,, -R-98905,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_{network-role}_ips`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-10173,"The xNF **MUST** allow another NETCONF session to be able to -initiate the release of the lock by killing the session owning the lock, -using the operation to guard against hung NETCONF sessions.",NETCONF Server Requirements,, -R-76449,"A VNF's Heat Orchestration Template's **MUST NOT** -contain the Resource ``OS::Neutron::FloatingIPAssociation``.","VIP Assignment, External Networks, Supported by Automation",, -R-43332,"The VNF **MUST** activate security alarms automatically when -it detects the successful modification of a critical system or -application file.",VNF Security Analytics Requirements,, -R-36792,"The VNF **MUST** automatically retry/resubmit failed requests -made by the software to its downstream system to increase the success rate.",Application Resilient Error Handling,, -R-76682,"If a VNF's Heat Orchestration Template -``OS::ContrailV2::InterfaceRouteTable`` resource -``interface_route_table_routes`` property -``interface_route_table_routes_route`` map property parameter -``{vm-type}_{network-role}_route_prefixes`` -**MUST NOT** be enumerated in the VNF's Heat Orchestration Template's -Environment File.",Interface Route Table Prefixes for Contrail InterfaceRoute Table,tests.test_environment_file_parameters,test_contrail_route_prefixes_parameter_doesnt_exist_in_environment_file -R-29865,"When a VNF connects to an external network, a network role, -referred to as the '{network-role}' **MUST** be assigned to the -external network for use in the VNF's Heat Orchestration Template.",External Networks,, -R-21558,"The VNF **SHOULD** use intelligent routing by having knowledge -of multiple downstream/upstream endpoints that are exposed to it, to -ensure there is no dependency on external services (such as load balancers) -to switch to alternate endpoints.",Intelligent Transaction Distribution & Management,, -R-62590,"The VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port`` -property ``fixed_ips`` -map property ``ip_address`` -parameter associated with an external network, i.e., - - * ``{vm-type}_{network-role}_ip_{index}`` - * ``{vm-type}_{network-role}_ip_v6_{index}`` - * ``{vm-type}_{network-role}_ips`` - * ``{vm-type}_{network-role}_v6_ips`` - - -**MUST NOT** be enumerated in the Heat Orchestration -Template's Environment File. ONAP provides the IP address -assignments at orchestration time.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-02170,"The VNF **MUST** use, whenever possible, standard implementations -of security applications, protocols, and formats, e.g., S/MIME, TLS, SSH, -IPSec, X.509 digital certificates for cryptographic implementations. -These implementations must be purchased from reputable vendors or obtained -from reputable open source communities and must not be developed in-house.",VNF Data Protection Requirements,, -R-64445,"The VNF **MUST** support the ability of a requestor of the -service to determine the version (and therefore capabilities) of the -service so that Network Cloud Service Provider can understand the -capabilities of the service.",Deployment Optimization,, -R-02997,"The VNF **MUST** preserve their persistent data. Running VMs -will not be backed up in the Network Cloud infrastructure.",VNF Devops,, -R-64503,"The VNF **MUST** provide minimum privileges for initial -and default settings for new user accounts.",VNF Identity and Access Management Requirements,, -R-22680,"The xNF Package **MUST** include documentation that describes -any requirements for the monitoring component of tools for Network -Cloud automation and management to provide these records to components -of the xNF.",Resource Control Loop,, -R-70964,"If a VNF's Port is attached to an internal network and the port's -IP addresses are statically assigned by the VNF's Heat Orchestration\ -Template (i.e., enumerated in the Heat Orchestration Template's -environment file), the ``OS::Neutron::Port`` Resource's - -* property ``fixed_ips`` map property ``ip_address`` **MUST** be used -* property ``fixed_ips`` map property ``subnet``/``subnet_id`` - **MUST NOT** be used",Items to Note,, -R-69014,"When a VNF connects to an external network, a network role, referred to -as the ``{network-role}`` **MUST** be assigned to the external network for -use in the VNF's Heat Orchestration Template.",External Networks,tests.test_port_resource_ids,test_port_resource_ids -R-04747,"A VNF's Heat Orchestration Template's Resource ``OS::Heat::CloudConfig`` -Resource ID **MUST** contain the ``{vm-type}``.",OS::Heat::CloudConfig,tests.test_cloud_config_resource_id,test_cloud_config -R-22688,"If a VNF's port is connected to an internal network and the port is -created in an Incremental Module and the internal network is created -in the Base Module then the UUID of the internal network **MUST** be -exposed as a parameter in the ``outputs:`` section of the Base Module -and the port resource **MUST** use a ``get_param`` to obtain the network -UUID.",Internal Networks,, -R-29765,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an internal network (per the -ONAP definition, see Requirement Requirements R-52425 and R-46461), -and an IPv6 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a -``comma_delimited_list``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_int_{network-role}_v6_ips`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - ``OS::Nova::Server`` - * ``{network-role}`` is the {network-role} of the internal - network","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-29760,"The VNFC **MUST** be installed on non-root file systems, -unless software is specifically included with the operating system -distribution of the guest image.",VNF Devops,, -R-79412,"The xNF **MAY** use another option which is expected to include TCP -for high volume streaming asynchronous data sets and for other high volume -data sets. TCP delivery can be used for either JSON or binary encoded data -sets.",Addressing and Delivery Protocol,, -R-45188,"The VNF's Heat Orchestration Template's Resource 'OS::Nova::Server' property -``flavor`` parameter name **MUST** follow the naming convention -``{vm-type}_flavor_name``.",Property: flavor,tests.test_nova_servers_vm_types,test_nova_server_flavor_parameter -R-27078,"A VNF's Heat Orchestration template **MUST** contain the -section ``heat_template_version:``.",heat_template_version,tests.test_heat_template_structure,test_heat_template_structure_contains_heat_template_version -R-14198,"A VNF's Heat Orchestration Template's Resource ``OS::Neutron::SecurityGroup`` that -is applicable to one {vm-type} and one internal network Resource ID **SHOULD** -use the naming convention - -* ``{vm-type}_int_{network-role}_security_group`` - -where - -* ``{vm-type}`` is the vm-type -* ``{network-role}`` is the network-role",OS::Neutron::SecurityGroup,, -R-54373,"The xNF **MUST** have Python >= 2.6 on the endpoint VM(s) -of a xNF on which an Ansible playbook will be executed.",Ansible Client Requirements,, -R-33280,"The xNF **MUST NOT** use any instance specific parameters -in a playbook.",Ansible Playbook Requirements,, -R-53433,A VNF's Cinder Volume Module **MUST** have a corresponding environment file,ONAP VNF Modularity Overview,tests.test_env_and_yaml_same_name,test_env_and_yaml_same_name -R-19082,"The VNF **MUST** allow the Operator to disable or remove any security -testing tools or programs included in the VNF, e.g., password cracker, -port scanner.",VNF General Security Requirements,, -R-28168,"The VNF **SHOULD** use an appropriately configured logging -level that can be changed dynamically, so as to not cause performance -degradation of the VNF due to excessive logging.",Monitoring & Dashboard,, -R-04344,"A VNF's Nested YAML file **MAY** be invoked by more than one of -a VNF's Heat Orchestration Templates (when the VNF is composed of two -or more Heat Orchestration Templates).",Nested Heat Template Requirements,, -R-95864,"The VNF **MUST** support digital certificates that comply with X.509 -standards.",VNF Data Protection Requirements,, -R-06668,"The VNF **MUST** handle the start or restart of VNFC instances -in any order with each VNFC instance establishing or re-establishing -required connections or relationships with other VNFC instances and/or -VNFs required to perform the VNF function/role without requiring VNFC -instance(s) to be started/restarted in a particular order.",Application Resilient Error Handling,, -R-45856,The xNF **MUST** support ONAP Controller's **UpgradePostCheck** command.,LifeCycle Management Related Commands,, -R-65516,"A VNF's Heat Orchestration Template's Resource ``OS::Nova::Keypair`` applies to -all Virtual Machines in the the VNF, the Resource ID **SHOULD** use the naming -convention - -* ``{vnf-type}_keypair`` - -where - -* ``{vnf-type}`` describes the VNF",OS::Nova::Keypair,, -R-50252,"The xNF **MUST** write to a specific one text files that -will be retrieved and made available by the Ansible Server if, as part -of a xNF action (e.g., audit), a playbook is required to return any -xNF information. The text files must be written in the same directory as -the one from which the playbook is being executed. A text file must be -created for the xNF playbook run targets/affects, with the name -'_results.txt' into which any desired output from each -respective VM/xNF must be written.",Ansible Playbook Requirements,, -R-32641,"The VNF **MUST** provide the capability to encrypt data on -non-volatile memory.Non-volative memory is storage that is -capable of retaining data without electrical power, e.g. -Complementary metal–oxide–semiconductor (CMOS) or hard drives.",VNF Data Protection Requirements,, -R-94509,"A VNF Heat Orchestration Template's Incremental Module's Environment File -**MUST** be named identical to the VNF Heat Orchestration Template's -Incremental Module with ``.y[a]ml`` replaced with ``.env``.",Incremental Modules,tests.test_heat_pairs_provided,test_heat_pairs_provided -R-32394,"A VNF's Heat Orchestration Template's use of ``{vm-type}`` in all Resource -property parameter names **MUST** be the same case.",{vm-type},, -R-89474,"The VNF **MUST** log the field ""Login ID"" in the security audit logs.",VNF Security Analytics Requirements,, -R-26124,"If a VNF Heat Orchestration Template parameter has a default value, -it **MUST** be enumerated in the environment file.",default,tests.test_no_unused_parameters_between_env_and_templates,test_no_unused_parameters_between_env_and_templates -R-87123,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_{network-role}_v6_ip_{index}`` -**MUST NOT** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-02691,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``workload_context`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",workload_context,tests.test_environment_file_parameters,test_nova_server_workload_context_parameter_doesnt_exist_in_environment_file -R-19922,The xNF **MUST** support ONAP Controller's **UpgradePrecheck** command.,LifeCycle Management Related Commands,, -R-12678,"The xNF Package **MUST** include documentation which includes a -description of runtime lifecycle events and related actions (e.g., -control responses, tests) which can be performed for the xNF.",Resource Description,, -R-90632,"The xNF Package **MUST** include documentation about KPIs and -metrics that need to be collected at each VM for capacity planning -and performance management purposes.",Resource Control Loop,, -R-14853,"The VNF **MUST** respond to a ""move traffic"" [#4.5.2]_ command -against a specific VNFC, moving all existing session elsewhere with -minimal disruption if a VNF provides a load balancing function across -multiple instances of its VNFCs. - -Note: Individual VNF performance aspects (e.g., move duration or -disruption scope) may require further constraints.",VNF Devops,, -R-55478,The VNF **MUST** log logoffs.,VNF Security Analytics Requirements,, -R-40518,"A VNF's Heat Orchestration Template's parameter defined -in a non-nested YAML file as type -``string`` **MAY** have a parameter constraint defined.",constraints,, -R-43327,"The xNF **SHOULD** use `Modeling JSON text with YANG -`_, If YANG models need to be -translated to and from JSON{RFC7951]. YANG configuration and content can -be represented via JSON, consistent with Avro, as described in ""Encoding -and Serialization"" section.",Asynchronous and Synchronous Data Delivery,, -R-90007,"The xNF **MUST** implement the protocol operation: -**close-session()**- Gracefully close the current session.",NETCONF Server Requirements,, -R-39650,"The VNF **SHOULD** provide the ability to test incremental -growth of the VNF.",VNF Devops,, -R-27970,"When a VNF's Heat Orchestration Template's resource is associated with -more than one ``{vm-type}`` and/or more than one internal and/or external -network, the Resource ID **MAY** contain the term ``shared`` and/or **MAY** -contain text that identifies the VNF.",Resource IDs,, -R-06327,"The VNF **MUST** respond to a ""drain VNFC"" [#4.5.2]_ command against -a specific VNFC, preventing new session from reaching the targeted VNFC, -with no disruption to active sessions on the impacted VNFC, if a VNF -provides a load balancing function across multiple instances of its VNFCs. -This is used to support scenarios such as proactive maintenance with no -user impact.",VNF Devops,, -R-94669,"If a VNF has one IPv6 OAM Management IP Address and the -IP Address needs to be inventoried in ONAP's A&AI -database, an output parameter **MUST** be declared in only one of the -VNF's Heat Orchestration Templates and the parameter **MUST** be named -``oam_management_v6_address``.",OAM Management IP Addresses,, -R-75343,"The VNF **MUST** provide the capability of testing the -validity of a digital certificate by recognizing the identity represented -by the certificate - the ""distinguished name"".",VNF Cryptography Requirements,, -R-37929,"The xNF **MUST** accept all necessary instance specific -data from the environment or node object attributes for the xNF -in roles/cookbooks/recipes invoked for a xNF action.",Chef Roles/Requirements,, -R-18525,"The xNF provider **MUST** provide a JSON file for each -supported action for the xNF. The JSON file must contain key value -pairs with all relevant values populated with sample data that illustrates -its usage. The fields and their description are defined in Tables A1 -and A2 in the Appendix. - -Note: Chef support in ONAP is not currently available and planned for 4Q 2017.",Configuration Management via Chef,, -R-07545,"The xNF **MUST** support all operations, administration and -management (OAM) functions available from the supplier for xNFs using -the supplied YANG code and associated NETCONF servers.",NETCONF Server Requirements,, -R-62983,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement R-57424), the -``network`` parameter name **MUST** - - * follow the naming convention ``{network-role}_net_id`` if the Neutron - network UUID value is used to reference the network - * follow the naming convention ``{network-role}_net_name`` if the - OpenStack network name is used to reference the network. - -where ``{network-role}`` is the network-role of the external network -and a ``get_param`` **MUST** be used as the intrinsic function.",Property: network,tests.test_network_format,test_network_format -R-40971,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement R-57424), -and an IPv4 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a string, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_{network-role}_ip_{index}`` - - where - - * ``{vm-type}`` is the {vm-type} associated with the - ``OS::Nova::Server`` - * ``{network-role}`` is the {network-role} of the external - network - * the value for ``{index}`` must start at zero (0) and increment by one","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-27995,"The VNF **SHOULD** include control loop mechanisms to notify -the consumer of the VNF of their exceeding SLA thresholds so the consumer -is able to control its load against the VNF.",Intelligent Transaction Distribution & Management,, -R-33946,"The xNF **MUST** conform to the NETCONF RFC 4741, -""NETCONF Configuration Protocol"".",NETCONF Server Requirements,, -R-67386,"A VNF's Heat Orchestration Template's Resource **MAY** declare the -attribute ``metadata``.",metadata,, -R-00011,"A VNF's Heat Orchestration Template's parameter defined -in a nested YAML file -**MUST NOT** have a parameter constraint defined.",constraints,tests.test_nested_parameters,test_nested_parameter -R-98748,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``allowed_address_pairs`` -map property ``ip_address`` parameter -**MUST** be declared as type ``string``.","VIP Assignment, External Networks, Supported by Automation",tests.test_allowed_address_pairs_include_vm_type_network_role,test_allowed_address_pairs_include_vm_type_network_role -R-37039,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``vf_module_index`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",vf_module_index,, -R-34037,"The VNF's Heat Orchestration Template's -resource ``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -**MUST** be declared as either type ``string`` or type -``comma_delimited_list``.","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-97293,"The xNF provider **MUST NOT** require audits -of Service Provider's business.",Licensing Requirements,, -R-69877,"The xNF Package **MUST** include documentation for each KPI, -identify the suggested actions that need to be performed when a -threshold crossing alert event is recorded.",Resource Control Loop,, -R-69874,"A VNF's ``{network-role}`` assigned to an internal network **MUST** -be different than the ``{network-role}`` assigned to the VNF's external -networks.",Internal Networks,, -R-86758,"The VNF **SHOULD** provide an automated test suite to validate -every new version of the software on the target environment(s). The tests -should be of sufficient granularity to independently test various -representative VNF use cases throughout its lifecycle. Operations might -choose to invoke these tests either on a scheduled basis or on demand to -support various operations functions including test, turn-up and -troubleshooting.",VNF Devops,, -R-32094,"A VNF's Heat Orchestration Template parameter declaration **MAY** -contain the attribute ``label:``.",label,, -R-58775,"The xNF provider **MUST** provide software components that -can be packaged with/near the xNF, if needed, to simulate any functions -or systems that connect to the xNF system under test. This component is -necessary only if the existing testing environment does not have the -necessary simulators.",Testing,, -R-83790,The xNF **MUST** implement the **:validate** capability.,NETCONF Server Requirements,, -R-90526,"A VNF Heat Orchestration Template parameter declaration **MUST NOT** -contain the ``default`` attribute.",default,tests.test_heat_parameter_section,test_default_values -R-60106,"The xNF **MUST** implement the protocol operation: -**get(filter)** - Retrieve (a filtered subset of) the running -configuration and device state information. This should include -the list of xNF supported schemas.",NETCONF Server Requirements,, -R-34660,"The xNF **MUST** use the RESTCONF/NETCONF framework used by -the ONAP configuration subsystem for synchronous communication.",Asynchronous and Synchronous Data Delivery,, -R-22700,"The xNF **MUST** conform its YANG model to RFC 6470, -""NETCONF Base Notifications"".",NETCONF Server Requirements,, -R-43353,"The xNF **MUST** return control from Ansible Playbooks only -after tasks are fully complete, signaling that the playbook completed -all tasks. When starting services, return control only after all services -are up. This is critical for workflows where the next steps are dependent -on prior tasks being fully completed.",Ansible Playbook Requirements,, -R-23503,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement Requirement R-57424), -and an IPv6 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a -``comma_delimited_list``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_{network-role}_v6_ips`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - OS::Nova::Server - * ``{network-role}`` is the {network-role} of the external - network","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-57617,"The VNF **MUST** include the field ""success/failure"" in the -Security alarms (where applicable and technically feasible).",VNF Security Analytics Requirements,, -R-97343,The xNF **MUST** support ONAP Controller's **UpgradeBackup** command.,LifeCycle Management Related Commands,, -R-74763,"The xNF provider **MUST** provide an artifact per xNF that contains -all of the xNF Event Records supported. The artifact should include -reference to the specific release of the xNF Event Stream Common Event -Data Model document it is based on. (e.g., -`VES Event Listener `__)",Resource Control Loop,, -R-03656,"A VNF's Heat Orchestration Template's Resource ``OS::Heat::SoftwareConfig`` -Resource ID **MAY** use the naming convention - -* ``{vm-type}_RSC`` - -where - -* ``{vm-type}`` is the vm-type -* ``RSC`` signifies that it is the Resource Software Config",OS::Heat::SoftwareConfig,, -R-00156,"The xNF Package **MUST** include documentation describing xNF -Management APIs, which must include information and tools for -ONAP to monitor the health of the xNF (conditions that require -healing and/or scaling responses).",Resource Description,, -R-16777,"The xNF provider **MUST** provide a JSON file for each -supported action for the xNF. The JSON file must contain key value -pairs with all relevant values populated with sample data that illustrates -its usage. The fields and their description are defined in Table B1 -in the Appendix.",Configuration Management via Ansible,, -R-88199,"The VNF **MUST** utilize a persistent datastore service that -can meet the data performance/latency requirements. (For example: -Datastore service could be a VNFC in VNF or a DBaaS in the Cloud -execution environment)",VNF Design,, -R-13194,"A VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -``metadata`` map value parameter ``environment_context`` **MUST NOT** -be enumerated in the Heat Orchestration Template's environment file.",environment_context,tests.test_environment_file_parameters,test_nova_server_environment_context_parameter_doesnt_exist_in_environment_file -R-13196,A VNF **MAY** be composed of zero to many Incremental Modules.,ONAP VNF Modularity Overview,, -R-16875,"The xNF Package **MUST** include documentation which must include -a unique identification string for the specific xNF, a description of -the problem that caused the error, and steps or procedures to perform -Root Cause Analysis and resolve the issue.",Resource Control Loop,, -R-23135,"The VNF **MUST**, if not using the NCSP's IDAM API, -authenticate system to system communications where one system -accesses the resources of another system, and must never conceal -individual accountability.",VNF General Security Requirements,, -R-48470,"The VNF **MUST** support Real-time detection and -notification of security events.",VNF Security Analytics Requirements,, -R-36982,"A VNF's Heat Orchestration template **MAY** contain the ``outputs:`` -section.",outputs,, -R-04697,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement R-57424), -and an IPv4 address is assigned -using the property ``fixed_ips`` -map property ``ip_address`` and the parameter type is defined as a -``comma_delimited_list``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_{network-role}_ips`` - - where - - * ``{vm-type}`` is the {vm-type} associated with the - ``OS::Nova::Server`` - * ``{network-role}`` is the {network-role} of the external - network","Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role -R-21511,"A VNF's Heat Orchestration Template's use of ``{network-role}`` -in all Resource IDs **MUST** be the same case.",{network-role},, -R-66729,"A VNF's Heat Orchestration Template's Resource that is associated with a -unique Virtual Machine type **MUST** include ``{vm-type}`` as part of the -resource ID.",{vm-type},, -R-28795,"The VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` property ``fixed_ips`` -map property ``ip_address`` parameter -``{vm-type}_int_{network-role}_ip_{index}`` -**MUST** be enumerated in the -VNF's Heat Orchestration Template's Environment File.","Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file -R-82018,"The xNF **MUST** load the Ansible Server SSH public key onto xNF -VM(s) as part of instantiation. This will allow the Ansible Server -to authenticate to perform post-instantiation configuration without -manual intervention and without requiring specific xNF login IDs and -passwords. - -CAUTION: For VNFs configured using Ansible, to eliminate the need -for manual steps, post-instantiation and pre-configuration, to -upload of SSH public keys, SSH public keys loaded during (heat) -instantiation shall be preserved and not removed by (heat) embedded -(userdata) scripts.",Ansible Client Requirements,, -R-32025,"When a VNF creates two or more internal networks, each internal -network **MUST** be assigned a unique ``{network-role}`` in the context -of the VNF for use in the VNF's Heat Orchestration Template.",Internal Networks,tests.test_port_resource_ids,test_port_resource_ids -R-62498,"The VNF **MUST** support encrypted access protocols, e.g., TLS, -SSH, SFTP.",VNF General Security Requirements,, -R-84366,"The xNF Package **MUST** include documentation describing -xNF Functional APIs that are utilized to build network and -application services. This document describes the externally exposed -functional inputs and outputs for the xNF, including interface -format and protocols supported.",Resource Description,, -R-20741,The xNF **MUST** support ONAP Controller's **Configure** command.,Configuration Commands,, -R-80898,TThe xNF **MUST** support heartbeat via a with null filter.,NETCONF Server Requirements,, -R-35735,"When the VNF's Heat Orchestration Template's Resource -``OS::Neutron::Port`` is attaching to an external network (per the -ONAP definition, see Requirement R-57424), -and an IPv6 Virtual IP (VIP) -address is assigned via ONAP automation -using the property ``allowed_address_pairs`` -map property ``ip_address``, -the parameter name **MUST** follow the -naming convention - - * ``{vm-type}_{network-role}_v6_floating_ip`` - -where - - * ``{vm-type}`` is the {vm-type} associated with the - OS::Nova::Server - * ``{network-role}`` is the {network-role} of the external - network - -And the parameter **MUST** be declared as type ``string``.","VIP Assignment, External Networks, Supported by Automation",tests.test_allowed_address_pairs_include_vm_type_network_role,test_allowed_address_pairs_include_vm_type_network_role -R-49177,"If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` Resource -metadata map value parameter ``vf_module_name`` is passed into a Nested YAML -file, the parameter name ``vf_module_name`` **MUST NOT** change.",vf_module_name,, -,,,tests.test_initial_configuration,test_02_all_referenced_resources_exists -,,,tests.test_initial_configuration,test_02_all_referenced_resources_exists -,,,tests.test_initial_configuration,test_01_valid_nesting -,,,tests.test_initial_configuration,test_01_valid_nesting -,,,tests.test_initial_configuration,test_03_all_get_param_have_defined_parameter -,,,tests.test_initial_configuration,test_03_all_get_param_have_defined_parameter -,,,tests.test_nova_servergroup_policies,test_nova_servergroup_policies -,,,tests.test_nova_servergroup_policies,test_nova_servergroup_policies -,,,tests.test_nova_servers_vm_types_use_get_param,test_vm_type_assignments_on_nova_servers_only_use_get_param -,,,tests.test_nova_servers_vm_types_use_get_param,test_vm_type_assignments_on_nova_servers_only_use_get_param -,,,tests.test_nova_servers_vm_types_use_get_param,test_vm_type_assignments_on_nova_servers_only_use_get_param -,,,tests.test_required_parameters_specified_in_env_files,test_required_parameters_provided_in_env_file -,,,tests.test_required_parameters_specified_in_env_files,test_required_parameters_provided_in_env_file -,,,tests.test_required_parameters_specified_in_env_files,test_required_parameters_provided_in_env_file -,,,tests.test_required_parameters_specified_in_heat_templates,test_required_parameters_provided_in_heat_template -,,,tests.test_required_parameters_specified_in_heat_templates,test_required_parameters_provided_in_heat_template -,,,tests.test_required_parameters_specified_in_heat_templates,test_required_parameters_provided_in_heat_template -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata -,,,tests.test_subnet_format,test_subnet_format -,,,tests.test_subnet_format,test_subnet_format -,,,tests.test_subnet_format,test_subnet_format -,,,tests.test_subnet_format_use_get_param_or_get_resource,test_subnet_format_use_get_param_or_get_resource -,,,tests.test_subnet_format_use_get_param_or_get_resource,test_subnet_format_use_get_param_or_get_resource -,,,tests.test_subnet_format_use_get_param_or_get_resource,test_subnet_format_use_get_param_or_get_resource -,,,tests.test_unique_name_str_replace_use_params_in_tmpl,test_unique_name_str_replace_use_req_params_in_tmpl -,,,tests.test_unique_name_str_replace_use_params_in_tmpl,test_unique_name_str_replace_use_req_params_in_tmpl -,,,tests.test_unique_name_str_replace_use_req_params,test_unique_name_str_replace_use_req_params -,,,tests.test_unique_name_str_replace_use_req_params,test_unique_name_str_replace_use_req_params -,,,tests.test_unique_resources_across_template,test_unique_resources_across_yaml_file -,,,tests.test_unique_resources_across_template,test_unique_resources_across_yaml_file -,,,tests.test_volume_format_outputs,test_volume_format_outputs -,,,tests.test_volume_format_outputs,test_volume_format_outputs -,,,tests.test_volume_format_outputs,test_volume_format_outputs -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_resource_ids,test_volume_resource_ids -,,,tests.test_volume_templates,test_volume_templates_only_contains_cinder -,,,tests.test_volume_templates,test_volume_templates_only_contains_cinder -,,,tests.test_volume_templates_outputs,test_volume_templates_contains_outputs -,,,tests.test_volume_templates_outputs,test_volume_templates_contains_outputs -,,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources -,,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources -,,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources -,,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources -,,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources -,,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources +Requirement ID,Section,Test Module,Test Name +R-36772,type,tests.test_heat_template_parameters_contain_required_fields,test_heat_template_parameters_contain_required_fields +R-98569,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-96983,{network-role},tests.test_port_resource_ids,test_port_resource_ids +R-00977,{network-role},tests.test_nova_servers_vm_types,test_vm_type_network_role_collision +R-22838,Property: Name,tests.test_environment_file_parameters,test_nova_server_name_parameter_doesnt_exist_in_environment_file +R-11441,type,tests.test_heat_template_structure,test_parameter_type +R-99812,Resource Property "name",tests.test_environment_file_parameters,test_non_nova_server_name_parameter_doesnt_exist_in_environment_file +R-40899,Property: Name,tests.test_unique_name_resources,test_unique_name_resources +R-74304,ONAP Heat Orchestration Template Filenames,tests.test_heat_pairs_provided,test_heat_pairs_provided +R-03324,Environment File Format,tests.test_environment_file_structure,test_environment_file_contains_required_sections +R-50011,OS::Heat::ResourceGroup Property count,tests.test_environment_file_parameters,test_heat_rg_count_parameter_exists_in_environment_file +R-05201,External Networks,tests.test_port_resource_ids,test_port_resource_ids +R-86182,Property: network,tests.test_network_format,test_network_format +R-11200,ONAP VNF Modularity Overview,tests.test_volume_outputs_consumed,test_volume_outputs_consumed +R-11168,{network-role},tests.test_port_resource_ids,test_port_resource_ids +R-27818,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-01896,Scope of a Heat Orchestration Template,tests.test_no_unused_parameters_between_env_and_templates,test_no_unused_parameters_between_env_and_templates +R-26351,OS::Neutron::Port,tests.test_port_resource_ids,test_port_resource_ids +R-29872,Property: network,tests.test_environment_file_parameters,test_nova_server_network_parameter_doesnt_exist_in_environment_file +R-99646,ONAP Heat Orchestration Template Filenames,tests.test_get_file_only_reference_local_files,test_get_file_only_reference_local_files +R-98450,Property: availability_zone,tests.test_availability_zone,test_availability_zone_naming +R-57282,Property: image,tests.test_nova_servers_resource_ids,test_nova_servers_valid_resource_ids +R-37028,ONAP VNF Modularity Overview,tests.test_base_template_names,test_base_template_names +R-51430,Property: Name,tests.test_nova_servers_vm_types,test_nova_server_name_parameter +R-81725,ONAP VNF Modularity Overview,tests.test_env_and_yaml_same_name,test_env_and_yaml_same_name +R-83412,"VIP Assignment, External Networks, Supported by Automation",tests.test_environment_file_parameters,test_neutron_port_aap_ip_parameter_doesnt_exist_in_environment_file +R-91125,Property: image,tests.test_environment_file_parameters,test_nova_server_image_parameter_exists_in_environment_file +R-80829,"Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file +R-90206,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-74978,workload_context,tests.test_nova_servers_workload_context,test_workload_context +R-87485,ONAP Heat Orchestration Template Filenames,tests.test_base_template_names,test_base_template_names +R-35414,parameters,tests.test_heat_template_structure,test_heat_template_structure_contains_parameters +R-11690,Resource IDs,tests.test_nova_servers_index,test_indices +R-81339,Base Modules,tests.test_base_template_names,test_base_template_names +R-90279,parameters,tests.test_no_unused_parameters_between_env_and_templates,test_no_unused_parameters_between_env_and_templates +R-95303,YAML Format,tests.test_initial_configuration,test_00_valid_yaml +R-75141,resource ID,tests.test_resource_ids_alphanumeric_only,test_alphanumeric_resource_ids_only +R-36542,vnf_name,tests.test_environment_file_parameters,test_nova_server_vnf_name_parameter_doesnt_exist_in_environment_file +R-55218,vnf_id,tests.test_required_parameters_no_constraints,test_required_parameters_no_constraints +R-20308,environment_context,tests.test_nova_servers_environment_context,test_environment_context +R-67231,Environment File Format,tests.test_env_no_resource_registry,test_env_no_resource_registry +R-46839,{vm-type},tests.test_vm_type_resource_id,test_vm_type_resource_id +R-54171,Property: Name,tests.test_nova_servers_vm_types,test_nova_server_name_parameter +R-76057,Nested Heat file,tests.test_base_template_names,test_base_template_names +R-92193,External Networks,tests.test_environment_file_parameters,test_network_fqdn_parameter_doesnt_exist_in_environment_file +R-41492,"VIP Assignment, External Networks, Supported by Automation",tests.test_allowed_address_pairs_include_vm_type_network_role,test_allowed_address_pairs_include_vm_type_network_role +R-38474,ONAP VNF Modularity Overview,tests.test_env_and_yaml_same_name,test_env_and_yaml_same_name +R-07443,ONAP Volume Module Output Parameters,tests.test_volume_outputs_consumed,test_volume_outputs_consumed +R-98407,{vm-type},tests.test_vm_type_syntax,test_vm_type_syntax +R-26506,{network-role},tests.test_port_resource_ids,test_port_resource_ids +R-71493,vf_module_id,tests.test_servers_have_required_metadata,test_servers_have_required_metadata +R-93177,Property: network,tests.test_network_format_use_get_param_or_get_resource,test_network_format_use_get_param_or_get_resource +R-59568,Property: availability_zone,tests.test_environment_file_parameters,test_nova_server_az_parameter_doesnt_exist_in_environment_file +R-25877,,tests.test_heat_parameter_section,test_parameter_names +R-80374,vf_module_name,tests.test_environment_file_parameters,test_nova_server_vf_module_name_parameter_doesnt_exist_in_environment_file +R-30804,OS::Heat::MultipartMime,tests.test_multipart_mime_resource_id,test_multipart_mime +R-87817,Property: Name,tests.test_nova_servers_vm_types,test_nova_server_name_parameter +R-97201,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-39402,description,tests.test_heat_template_structure,test_heat_template_structure_contains_description +R-91342,Base Modules,tests.test_heat_pairs_provided,test_heat_pairs_provided +R-72871,vf_module_id,tests.test_environment_file_parameters,test_nova_server_vf_module_id_parameter_doesnt_exist_in_environment_file +R-97199,metadata,tests.test_servers_metadata_use_get_param,test_servers_metadata_use_get_param +R-85235,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-72483,vnf_name,tests.test_servers_have_required_metadata,test_servers_have_required_metadata +R-71152,Property: image,tests.test_nova_servers_vm_types,test_nova_server_image_parameter +R-56438,ONAP Heat Orchestration Template Filenames,tests.test_heat_pairs_provided,test_heat_pairs_provided +R-23664,resources,tests.test_heat_template_structure,test_heat_template_structure_contains_resources +R-78380,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-22288,"Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file +R-71577,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-37437,vnf_id,tests.test_servers_have_required_metadata,test_servers_have_required_metadata +R-93030,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-87247,Incremental Modules,tests.test_base_template_names,test_base_template_names +R-44001,description,tests.test_heat_template_parameters_contain_required_fields,test_heat_template_parameters_contain_required_fields +R-83418,"VIP Assignment, External Networks, Supported by Automation",tests.test_environment_file_parameters,test_neutron_port_aap_ip_parameter_doesnt_exist_in_environment_file +R-39841,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-44318,vnf_name,tests.test_required_parameters_no_constraints,test_required_parameters_no_constraints +R-69431,Property: flavor,tests.test_environment_file_parameters,test_nova_server_flavor_parameter_exists_in_environment_file +R-88863,constraints,tests.test_heat_numeric_parameters,test_numeric_parameter +R-48067,{vm-type},tests.test_nova_servers_vm_types,test_vm_type_network_role_collision +R-86285,Environment File Format,tests.test_heat_pairs_provided,test_heat_pairs_provided +R-83677,"Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file +R-20453,OS::Neutron::Port,tests.test_port_resource_ids,test_port_resource_ids +R-16447,resource ID,tests.test_unique_resources_across_all_templates,test_unique_resources_across_all_yaml_files +R-50436,Property: flavor,tests.test_nova_servers_vm_types,test_nova_server_flavor_parameter +R-82732,Cinder Volume Modules,tests.test_volume_outputs_consumed,test_volume_module_name_matches_incremental_or_base_module +R-69634,"Property: fixed_ips, Map Property: subnet_id",tests.test_environment_file_parameters,test_neutron_port_fixedips_subnet_parameter_doesnt_exist_in_environment_file +R-40499,Property: flavor,tests.test_nova_servers_resource_ids,test_nova_servers_valid_resource_ids +R-98374,vf_module_id,tests.test_required_parameters_no_constraints,test_required_parameters_no_constraints +R-84322,{network-role},tests.test_port_resource_ids,test_port_resource_ids +R-93496,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-20856,vnf_id,tests.test_environment_file_parameters,test_nova_server_vnf_id_parameter_doesnt_exist_in_environment_file +R-68936,Internal Networks,tests.test_port_resource_ids,test_port_resource_ids +R-31141,Cinder Volume Modules,tests.test_heat_pairs_provided,test_heat_pairs_provided +R-98905,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-76682,Interface Route Table Prefixes for Contrail InterfaceRoute Table,tests.test_environment_file_parameters,test_contrail_route_prefixes_parameter_doesnt_exist_in_environment_file +R-62590,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-69014,External Networks,tests.test_port_resource_ids,test_port_resource_ids +R-04747,OS::Heat::CloudConfig,tests.test_cloud_config_resource_id,test_cloud_config +R-29765,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-45188,Property: flavor,tests.test_nova_servers_vm_types,test_nova_server_flavor_parameter +R-27078,heat_template_version,tests.test_heat_template_structure,test_heat_template_structure_contains_heat_template_version +R-53433,ONAP VNF Modularity Overview,tests.test_env_and_yaml_same_name,test_env_and_yaml_same_name +R-94509,Incremental Modules,tests.test_heat_pairs_provided,test_heat_pairs_provided +R-26124,default,tests.test_no_unused_parameters_between_env_and_templates,test_no_unused_parameters_between_env_and_templates +R-87123,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-02691,workload_context,tests.test_environment_file_parameters,test_nova_server_workload_context_parameter_doesnt_exist_in_environment_file +R-62983,Property: network,tests.test_network_format,test_network_format +R-40971,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-00011,constraints,tests.test_nested_parameters,test_nested_parameter +R-98748,"VIP Assignment, External Networks, Supported by Automation",tests.test_allowed_address_pairs_include_vm_type_network_role,test_allowed_address_pairs_include_vm_type_network_role +R-34037,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-90526,default,tests.test_heat_parameter_section,test_default_values +R-23503,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-13194,environment_context,tests.test_environment_file_parameters,test_nova_server_environment_context_parameter_doesnt_exist_in_environment_file +R-04697,"Property: fixed_ips, Map Property: ip_address",tests.test_fixed_ips_include_vm_type_network_role,test_fixed_ips_include_vm_type_network_role +R-28795,"Property: fixed_ips, Map Property: ip_address",tests.test_environment_file_parameters,test_neutron_port_fixedips_ipaddress_parameter_doesnt_exist_in_environment_file +R-32025,Internal Networks,tests.test_port_resource_ids,test_port_resource_ids +R-35735,"VIP Assignment, External Networks, Supported by Automation",tests.test_allowed_address_pairs_include_vm_type_network_role,test_allowed_address_pairs_include_vm_type_network_role +,,tests.test_initial_configuration,test_02_all_referenced_resources_exists +,,tests.test_initial_configuration,test_02_all_referenced_resources_exists +,,tests.test_initial_configuration,test_01_valid_nesting +,,tests.test_initial_configuration,test_01_valid_nesting +,,tests.test_initial_configuration,test_03_all_get_param_have_defined_parameter +,,tests.test_initial_configuration,test_03_all_get_param_have_defined_parameter +,,tests.test_nova_servergroup_policies,test_nova_servergroup_policies +,,tests.test_nova_servergroup_policies,test_nova_servergroup_policies +,,tests.test_nova_servers_vm_types_use_get_param,test_vm_type_assignments_on_nova_servers_only_use_get_param +,,tests.test_nova_servers_vm_types_use_get_param,test_vm_type_assignments_on_nova_servers_only_use_get_param +,,tests.test_nova_servers_vm_types_use_get_param,test_vm_type_assignments_on_nova_servers_only_use_get_param +,,tests.test_required_parameters_specified_in_env_files,test_required_parameters_provided_in_env_file +,,tests.test_required_parameters_specified_in_env_files,test_required_parameters_provided_in_env_file +,,tests.test_required_parameters_specified_in_env_files,test_required_parameters_provided_in_env_file +,,tests.test_required_parameters_specified_in_heat_templates,test_required_parameters_provided_in_heat_template +,,tests.test_required_parameters_specified_in_heat_templates,test_required_parameters_provided_in_heat_template +,,tests.test_required_parameters_specified_in_heat_templates,test_required_parameters_provided_in_heat_template +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_servers_have_optional_metadata,test_servers_have_optional_metadata +,,tests.test_subnet_format,test_subnet_format +,,tests.test_subnet_format,test_subnet_format +,,tests.test_subnet_format,test_subnet_format +,,tests.test_subnet_format_use_get_param_or_get_resource,test_subnet_format_use_get_param_or_get_resource +,,tests.test_subnet_format_use_get_param_or_get_resource,test_subnet_format_use_get_param_or_get_resource +,,tests.test_subnet_format_use_get_param_or_get_resource,test_subnet_format_use_get_param_or_get_resource +,,tests.test_unique_name_str_replace_use_params_in_tmpl,test_unique_name_str_replace_use_req_params_in_tmpl +,,tests.test_unique_name_str_replace_use_params_in_tmpl,test_unique_name_str_replace_use_req_params_in_tmpl +,,tests.test_unique_name_str_replace_use_req_params,test_unique_name_str_replace_use_req_params +,,tests.test_unique_name_str_replace_use_req_params,test_unique_name_str_replace_use_req_params +,,tests.test_unique_resources_across_template,test_unique_resources_across_yaml_file +,,tests.test_unique_resources_across_template,test_unique_resources_across_yaml_file +,,tests.test_volume_format_outputs,test_volume_format_outputs +,,tests.test_volume_format_outputs,test_volume_format_outputs +,,tests.test_volume_format_outputs,test_volume_format_outputs +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_resource_ids,test_volume_resource_ids +,,tests.test_volume_templates,test_volume_templates_only_contains_cinder +,,tests.test_volume_templates,test_volume_templates_only_contains_cinder +,,tests.test_volume_templates_outputs,test_volume_templates_contains_outputs +,,tests.test_volume_templates_outputs,test_volume_templates_contains_outputs +,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources +,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources +,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources +,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources +,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources +,,tests.test_volume_templates_outputs_resources,test_volume_templates_outputs_match_resources -- cgit 1.2.3-korg