Assessing Architecture Conformance to Security-Related Practices in Infrastructure as Code Based Deployments
Evangelos Ntentos, Uwe Zdun, Ghareeb Falazi

et al.

Published: July 1, 2022

Infrastructure as Code (IaC) enables developers and operations teams to automatically deploy manage an IT infrastructure via software. Among other uses, IaC is widely used in the context of continuously released deployments such those microservice cloud-based systems. Although IaC-based have been utilized by many companies, there are no approaches on checking their conformance architectural aspects yet. In this paper, we focus security-related practices including observability, access control, traffic control deployments. While best for topic documented some gray literature sources practitioners' blogs public repositories, enabling automated do not yet exist. We propose a model-based approach based generic, technology-independent metrics, tied typical design decisions With approach, can measure practices. demonstrate assess validity appropriateness these metrics assessing system's through regression analysis.

Language: English

The PIPr Dataset of Public Infrastructure as Code Programs
Daniel Sokolowski, David Spielmann, Guido Salvaneschi

et al.

Published: April 15, 2024

Language: English

Citations

1

Infrastructure-as-Code Ecosystems
Ruben Opdebeeck, Ahmed Zerouali, Coen De Roover

et al.

Springer eBooks, Journal Year: 2023, Volume and Issue: unknown, P. 215 - 245

Published: Jan. 1, 2023

Language: English

Citations

2

Maximizing Patch Coverage for Testing of Highly-Configurable Software without Exploding Build Times
Necip Fazıl Yıldıran, Jeho Oh, Julia Lawall

et al.

Proceedings of the ACM on software engineering., Journal Year: 2024, Volume and Issue: 1(FSE), P. 427 - 449

Published: July 12, 2024

The Linux kernel is highly-configurable, with a build system that takes configuration file as input and automatically tailors the source code accordingly. Configurability, however, complicates testing, because different options lead to inclusion of fragments. With thousands patches received per month, maintainers employ extensive automated continuous integration testing. To attempt patch coverage, i.e., taking all changed lines into account, current approaches either use files maximize total statement coverage or multiple randomly-generated files, both which incur high times without guaranteeing coverage. achieve exploding times, we propose krepair, repairs are fast-building but have poor little effect on times. krepair works by discovering small set changes will ensure preserving most original file's settings. Our evaluation shows that, when applied statistically-significant sample recent patches, achieves nearly complete 98.5% average, while changing less than 1.53% default in 99% keeps 10.5x faster maximal files.

Language: English

Citations

0

When Your Infrastructure Is a Buggy Program: Understanding Faults in Infrastructure as Code Ecosystems
Georgios-Petros Drosos, Thodoris Sotiropoulos, Georgios Alexopoulos

et al.

Proceedings of the ACM on Programming Languages, Journal Year: 2024, Volume and Issue: 8(OOPSLA2), P. 2490 - 2520

Published: Oct. 8, 2024

Modern applications have become increasingly complex and their manual installation configuration is no longer practical. Instead, IT organizations heavily rely on Infrastructure as Code (IaC) technologies, to automate the provisioning, configuration, maintenance of computing infrastructures systems. IaC systems typically offer declarative, domain-specific languages (DSLs) that allow system administrators developers write high-level programs specify desired state infrastructure in a reliable, predictable, documented fashion. Just like traditional programs, software not immune faults, with issues ranging from deployment failures critical misconfigurations often impact production used by millions end users. Surprisingly, despite its crucial role global management, tooling techniques for ensuring reliability still room improvement. In this work, we conduct comprehensive analysis 360 bugs identified within prominent ecosystems including Ansible, Puppet, Chef. Our work first in-depth exploration bug characteristics these widely-used environments. Through our aim understand: (1) how manifest, (2) underlying root causes, (3) reproduction requirements terms (e.g., operating versions) or input characteristics, (4) are fixed. Based findings, evaluate state-of-the-art reliability, identify limitations, provide set recommendations future research. We believe study helps researchers better understand complexity peculiarities software, develop advanced more reliable robust configurations.

Language: English

Citations

0

Test-suite-guided discovery of least privilege for cloud infrastructure as code
Ryo Shimizu, Yuna Nunomura, Hideyuki Kanuka

et al.

Automated Software Engineering, Journal Year: 2024, Volume and Issue: 31(1)

Published: March 5, 2024

Language: English

Citations

0

On Unifying the Compliance Management of Applications Based on IaC Automation
Ghareeb Falazi, Uwe Breitenbücher, Frank Leymann

et al.

Published: March 1, 2022

Infrastructure-as-Code (IaC) technologies are used to automate the deployment of cloud applications. They promote usage code define and configure IT infrastructure applications allowing them benefit from conventional software development practices, which facilitates rapid new versions application infrastructures without sacrificing quality or stability. On other hand, enterprise need conform compliance regarding external regulations internal policies. Many these rules affect architecture on IaC operates. However, managing architectural IaC-based deployments faces a number challenges, such as configuration drift heterogeneity technologies. Therefore, in this work, we present vision how uniformly manage that utilize heterogeneous for automation. To end, introduce an initial design Architectural Compliance Management Framework discuss it addresses corresponding challenges.

Language: English

Citations

2

Assessing Architecture Conformance to Coupling-Related Infrastructure-as-Code Best Practices: Metrics and Case Studies
Evangelos Ntentos, Uwe Zdun, Jacopo Soldani

et al.

Lecture notes in computer science, Journal Year: 2022, Volume and Issue: unknown, P. 101 - 116

Published: Jan. 1, 2022

Language: English

Citations

2

Lessons from Research to Practice on Writing Better Quality Puppet Scripts
Akond Rahman, Tushar Sharma

2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Journal Year: 2022, Volume and Issue: unknown, P. 63 - 67

Published: March 1, 2022

Infrastructure as Code (IaC) scripts, such Puppet provide practitioners the opportunity to provision computing infrastructure automatically at scale. Poorly written IaC scripts impact various facets of quality (such security and maintainability) and, in turn, may lead serious consequences. Many ill-effects can be avoided or rectified easily by following recommendations derived from research best practices gleaned experience. While researchers have investigated methods improve aspects needs summarized synthesized for industry practitioners. In this article, we summarize recent domain discussing key issues, specifically maintainability smells, that arise an script. We also mine open-source repositories three organizations (Mozilla, Openstack, Wikimedia) report our observations on identified smells. Furthermore, synthesize literature software could scripts. Software development teams dealing with large get benefited actionable recommended practices. addition, use study find opportunities state-of-the-art.

Language: English

Citations

2

Assessing Architecture Conformance to Security-Related Practices in Infrastructure as Code Based Deployments
Evangelos Ntentos, Uwe Zdun, Ghareeb Falazi

et al.

Published: July 1, 2022

Language: English

Citations

1