Abstract: A system and method employed by an infrastructure-as-code (IaC) tool that is configured for defining IaC configurations comprising containers of interconnected components of a cloud computing platform. A system includes a graph generator configured to generate a graph of dependencies between the interconnected components of the cloud computing platform based at least in part on user-defined input-output relationships between the interconnected components. The IaC tool is configured to use the graph of dependencies to automatically determine a sequence of the provisioning or deployment of the interconnected components of the cloud computing platform. The system further includes a remote procedure call interface configured to enable communications between the IaC tool and the cloud computing platform, the remote procedure call interface further configured to enable the provisioning or deployment of the interconnected components of the cloud computing platform, in the determined sequence.

Abstract: A system and method for accessing and using one or more networked services of a cloud computing infrastructure by a user of a client computer includes an identity-based access management system that is configured to receive a request for a session via an API to use a specific service of the one or more networked services. A credential store includes a credential library that receives and stores credentials for authorizing and enabling the session with the specific service of the one or more networked services. A target service is configured to authorize and enable the session based on the received credentials. A secrets management system is configured to authenticate the user and the client computer to access and use the specific service authorized by the target service, and to generate a lease to a credential that is transmitted to the client computer to authorize the session with the specific service.

Abstract: A computing infrastructure configuration system and method include an infrastructure-as-code configuration tool providing a configuration language that defines the configuration and operation of the computing infrastructure using a declarative syntax. The declarative syntax is configured to express a plurality of built-in functions that can be executed by the computing infrastructure based on the configuration of the computing infrastructure. The system and method further include a syntax extension from the declarative syntax that expresses one or more provider-defined functions defined by one or more providers, and connected to the configuration tool by a provider protocol, the provider protocol providing the syntax extension to invoke the one or more provider-defined functions via the configuration language to enable the computing infrastructure to call at least one of the one or more of the provider-defined functions for execution by the computing infrastructure.

Abstract: One example operation may include selecting one or more terms to query one or more software repositories, querying the one or more of the software repositories for instances of the one or more query terms, identifying one or more domain names included in the one or more software repositories based on the query, and determining one or more relevancy scores corresponding to the one or more public software repositories based on a quantity of identified terms instances and domain names.

Abstract: A computing device may access a hierarchical tree structure defining a data model for a workflow tool. The workflow tool being configured for building, deploying and releasing application code of an application to one or more cloud computing platforms. The hierarchical tree structure having a plurality of nodes that store data related to the application code. The computing device may receive a request to add a projects-child node associated with a code repository to the hierarchical tree structure. The computing device may add the projects-child node to the hierarchy as a child node of the identified organization-parent node. The projects-child node can be configured to support one or more dependent child nodes depending from the projects-child node. The dependent child nodes can include at least one of an applications-child node, a builds-child node, a deployments-child node, an artifacts-child node, or a releases-child node.

Abstract: A configuration of a service of a cloud computing system is rendered in a user interface of an electronic display, according to a discovery chain generated by a networking tool using a service discovery function to establish the configuration. The configuration includes one or more of a router, a splitter, and/or a resolver, each having one or more configuration files that are represented as a graphical element within a graphical representation of the one or more of the router, the splitter, and/or the resolver. The configuration further includes data traffic routes between pairs of the configuration files, each being represented in the UI as a line between each pair of configuration files, where each line is rendered in the UI so as to avoid crossing over any graphical element that represents a configuration file.

Abstract: A method for managing an information technology infrastructure is provided. The method may include generating a workspace configured to maintain configurations for the information technology infrastructure. A configuration file specifying configurations to apply to the information technology infrastructure may be merged into the workspace. An execution plan may be generated based on the workspace. The execution plan may include operations to apply, to the information technology infrastructure, the configurations specified in the configuration file. The configurations may be applied, based on the execution plan, by at least provisioning, modifying, and/or de-provisioning one or more resources at the information technology infrastructure. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: A method for cross datacenter service-to-service communication over a shortest network route using mesh gateways. A mesh gateway receives a protocol message from a first service directed to a second service, identifies destination information associated with the second service, recognizes a routing configuration for routing the protocol message, determines a network route based on the routing configuration, and forwards the protocol message to another gateway associated with the second service over the determined network route.

Abstract: A process and mechanism, such as a system and/or computer-implemented method, for establishing verified and trusted communications between an upstream and a downstream node in a network or across many nodes in a multi-hop fashion, without needing direct communications from the downstream node to a central authority. Only a single node needs direct communications with the central authority, which may be the central authority itself acting in this capacity. Any other node in the network can connect to a node that is already verified, establish mutual trust, and itself become “upstream” to a new node or set of nodes. This process and mechanism can apply to any two nodes that are configured to communicate given the same set of conditions without any explicit or implicit multi-hop capability, however, the present process and mechanism is most applicable in multi-hop systems.

Abstract: A system and method for multi-region deployment of application jobs in a federated cloud computing infrastructure. A job is received for execution in two or more regions of the federated cloud computing infrastructure, each of the two or more regions comprising a collection of servers joined in a raft group for separate, regional execution of the job generating a copy of the job for each of the two or more regions. The job is then deployed to the two or more regions, the workload orchestrator deploying the job according to a deployment plan. A state indication is received from each of the two or more regions, the state indication representing a state of completion of the job by each respective region of the multi-cloud computing infrastructure.

Abstract: A discovery and routing service may generate a URL related to an application to be deployed to a cloud computing platforms, the URL, providing access to an edge list containing one or more edge nodes. The discovery and routing service may connect at least one agent to the URL. The discovery and routing service may send authentication information to the agent, including an identifier related to the agent, and a set of agent labels. The discovery and routing service may insert, after authentication by the edge node, the authentication information into a routing mesh. The discovery and routing service may locate the agent, in response to a request, based on a comparison between the set of request labels and a set of agent labels. The discovery and routing service may connect the located agent with traffic to and from the routing mesh.

Abstract: A system and method employed by an infrastructure-as-code (IaC) tool that is configured for defining IaC configurations comprising containers of interconnected components of a cloud computing platform. A system includes a graph generator configured to generate a graph of dependencies between the interconnected components of the cloud computing platform based at least in part on user-defined input-output relationships between the interconnected components. The IaC tool is configured to use the graph of dependencies to automatically determine a sequence of the provisioning or deployment of the interconnected components of the cloud computing platform. The system further includes a remote procedure call interface configured to enable communications between the IaC tool and the cloud computing platform, the remote procedure call interface further configured to enable the provisioning or deployment of the interconnected components of the cloud computing platform, in the determined sequence.

Abstract: A method for generating a configuration file for configuring an information technology infrastructure is provided. The method may include receiving, from a first user at a first client, a first indication to publish an infrastructure module comprising a set of configurations to apply to an information technology infrastructure. The infrastructure module may be stored in a module registry in response to the first indication. A second indication selecting the infrastructure module may be received from a second user at a second client. In response to the second indication, the infrastructure module may be sent from the module registry to the second client for insertion into a configuration file being created at the second client. The insertion of the infrastructure module may incorporate, into configuration file, the set of configurations to apply to the information technology infrastructure. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: A computing infrastructure configuration system and method include an infrastructure-as-code configuration tool providing a configuration language that defines the configuration and operation of the computing infrastructure using a declarative syntax. The declarative syntax is configured to express a plurality of built-in functions that can be executed by the computing infrastructure based on the configuration of the computing infrastructure. The system and method further include a syntax extension from the declarative syntax that expresses one or more provider-defined functions defined by one or more providers, and connected to the configuration tool by a provider protocol, the provider protocol providing the syntax extension to invoke the one or more provider-defined functions via the configuration language to enable the computing infrastructure to call at least one of the one or more of the provider-defined functions for execution by the computing infrastructure.

Abstract: A discovery and routing service may generate a URL related to an application to be deployed to a cloud computing platforms, the URL providing access to an edge list containing one or more edge nodes. The discovery and routing service may connect at least one agent to the URL. The discovery and routing service may send authentication information to the agent, including an identifier related to the agent, and a set of agent labels. The discovery and routing service may insert, after authentication by the edge node, the authentication information into a routing mesh. The discovery and routing service may locate the agent, in response to a request, based on a comparison between the set of request labels and a set of agent labels. The discovery and routing service may connect the located agent with traffic to and from the routing mesh.

Abstract: A workflow tool to build, deploy and release application code of an application to any of one or more cloud computing platforms. The workflow tool is executed by one or more processors to generate a single configuration file for the application, the single configuration file comprising, using a common command-line interface (CLI) language: a build configuration defining a build tool used for building the application; a deploy configuration defining a cloud computing platform to which the application will be deployed; and a release configuration defining logic for releasing the application to one or more users of the cloud computing platform. The workflow tool further includes a release uniform resource locator (URL) generated by the first processor, the release URL providing access, by the cloud computing platform to the one or more users, to the application upon the releasing.

Abstract: A workflow tool to build, deploy and release application code of an application to any of one or more cloud computing platforms. The workflow tool is executed by one or more processors to generate a single configuration file for the application, the single configuration file comprising, using a common command-line interface (CLI) language: a build configuration defining a build tool used for building the application; a deploy configuration defining a cloud computing platform to which the application will be deployed; and a release configuration defining logic for releasing the application to one or more users of the cloud computing platform. The workflow tool further includes a release uniform resource locator (URL) generated by the first processor, the release URL providing access, by the cloud computing platform to the one or more users, to the application upon the releasing.

Abstract: Special performance standby nodes for data storage in a cloud computing security system are disclosed. Performance standby nodes are standby nodes that are configured to service requests that do not modify the underlying data store. These pseudo read-replica nodes are further configured to forward any request that results in a storage write onto an active node, while being able to service read-only requests locally.

Abstract: A configuration of a service of a cloud computing system is rendered in a user interface of an electronic display, according to a discovery chain generated by a networking tool using a service discovery function to establish the configuration. The configuration includes one or more of a router, a splitter, and/or a resolver, each having one or more configuration files that are represented as a graphical element within a graphical representation of the one or more of the router, the splitter, and/or the resolver. The configuration further includes data traffic routes between pairs of the configuration files, each being represented in the UI as a line between each pair of configuration files, where each line is rendered in the UI so as to avoid crossing over any graphical element that represents a configuration file.

Abstract: Security configuration optimizer system and methods create optimized access control policies. The systems and methods analyze constraints on the secured system and produce a plurality of proposals for an updated security configuration. The proposals are analyzed and filtered. A resulting set of proposals are graded or ranked according to a variety of desirable outcomes. A proposal is selected according to criteria based on the balance of security and complexity. The security configuration is updated according to the selected proposal.